I wanted to mention to folks that a new Security Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl, instead of some long name you’d never remember.
Of course, once you navigate to that URL, you get redirected to a long URL on the MSDN subsite that you’ll never remember, which is encouraging when you think about it.
I have it on reasonably good authority (aka the site owner) that there are plans for the site content to grow this year and that this will be one of the main starting points to learn more about Microsoft's efforts to improve developers’ ability to write code that is less prone to security problems.
While I’m on this topic, I may as well provide some other pointers to related content, lifted from the SDL Home page:
Considering the large amount of customer software that is developed in-house at large companies, I think SDL-like processes are becoming a critical need beyond vendor-developed software. If your company hasn’t started this process already, these resources might provide a good starting point.
Regards ~ Jeff