Almost from the time we created the SDL in 2004, we’ve been sharing information about our process, tools and training. We’ve taken this step because we recognize that our customers use lots of software that comes from organizations other than Microsoft, and that in order for them to have a more secure experience on the Internet, the organizations that develop that software also have to apply secure development practices.
Beyond making information and tools available through our web site, we also engage in direct collaboration with some development organizations. Those collaborations have been driven by the importance of the other organization to the Internet ecosystem and by the opportunity for us to have a technical exchange with a sophisticated development team that may have some ideas, approaches, or challenges that we haven’t thought of. At any one time in recent years, we’ve had several such collaborations going, usually driven by Jeremy Dallman from our SDL team. The collaborations are usually conducted under a nondisclosure agreement because we need to exchange proprietary information about companies’ processes and tools. We may never talk publicly about these agreements at all.
However, we are pleased to say that about three weeks ago, Cisco announced the creation of the Cisco Secure Development Lifecycle (CSDL) and elected to acknowledge that the CSDL had benefited from one of these collaborations. I’d like to thank our colleagues at Cisco for their acknowledgement, and to say that we’ve enjoyed and benefited from the opportunity to work with them.