Jeremy Dallman here to let you know we published a couple of new interesting Microsoft SDL stories last week in an effort to continue demonstrating in a tangible and easy-to-read way how Microsoft teams implement the SDL.
We hear about more companies investigating how they can integrate the Microsoft SDL into their software development process in order to ship more secure software. At Microsoft, we have been doing this for several years, but have only recently shared the stories behind how our product teams do the SDL (see SDL Publications – whitepapers). As Windows Internet Explorer 8 and the 2007 Microsoft Office System were publicly released, the security experts that guided those products through the full Security Development Lifecycle saw an opportunity to share some details about how each of these products executed on the SDL. They have written the stories of the SDL for each of these products.
These papers can serve as a reference tool as you begin to think about the implementation of the SDL in your own software development lifecycle. The Microsoft SDL has been in place at Microsoft for almost six years and has demonstrated its effectiveness in improving software security. We hope that these papers along with the SDL Optimization Model, the Simplified Implementation of the Microsoft SDL whitepaper, and our other resources on the SDL portal will help you as you begin integrating the Microsoft SDL into your own software development process.
If you are starting to think about adopting the SDL or already have created your own version of the SDL, we would love to hear from you! Feel free to either tell us in the Comments section of this post or email us directly.