Hi all – Dave here…
This past month marked the five-year anniversary of the implementation of the SDL here at Microsoft. To mark that occasion, we recently ran a series of posts from security veterans from those days as well as a couple of SDL War Story videos, featuring two SDL blog regulars and security thought leaders – Michael Howard and Steve Lipner.
It’s been interesting (and kind of surreal) to look back at the early days and the hard lessons learned from the likes of Nimda and Code Red – but it’s also been encouraging to see how far we’ve come as a company.
One other side effect of these retrospective musings is that they have made us all the more aware that there’s a ton of work left to do. Microsoft can share a lot with the developer community as a result of “learning the hard way.” That’s where my team comes in.
This past year, we launched the SDL Pro Network, the SDL Optimization Model and the SDL Threat Modeling Tool. In the months to come, we plan to publish refreshed SDL guidance; we’ll also have new tools and information that will assist with implementation of the Microsoft SDL within an organization.
So, while it’s great to look back and realize how far we’ve come, we’re acutely focused on where we need to go.
As always, we welcome your comments…