Microsoft has published a new report that outlines nine years of progress in developing, improving and sharing the Security Development Lifecycle (SDL) process.
The SDL Progress Report is aimed showing IT business decision-makers the links between secure development, reduced attacks and business efficiencies.
Using both internal and external information, the report concludes that adopting secure development processes, like the SDL, can lead to the earlier identification of vulnerabilities and offset the costly cycle of addressing vulnerabilities at the end of the development cycle or after an attack.
The report also shows how combining technology and processes can enhance the benefits of secure development.
"We hope you find valuable information on secure development lessons learned at Microsoft, how we've applied security science, and the correlation between holistic security processes, risk reduction, and organisational efficiency," Microsoft's SDL team said in a blog post.
According to the team, one of the most important leessons has been that security threats are not static.
For this reason, work on developing secure software and evolving the SDL to stay ahead of complex attacks will never be done, they said, but the team believes its SDL tools and processes add value and should be shared broadly with the security ecosystem.
"A collective effort is needed to meet the threat to computer users worldwide," they said.
31 Mar 2011