Microsoft Security Development Lifecycle Process Guidance - version 5.1 (SDL 5.1) is now available for download (.docx format) as well as updated online in the MSDN library.
This public update of our internal SDL process guidance documentation is intended to provide transparency into how we implement the SDL at Microsoft. The changes in SDL 5.1 continue to demonstrate that the Microsoft SDL is continuously evolving to address new attacks, implement new protections, and improve the security of Microsoft products early in the software development lifecycle.
"Since this is a "dot" release, the number of updates is smaller. We have tagged each change within the paper so they can be easy discovered by searching in document for "New for SDL 5.1", "Promoted requirement for SDL 5.1" or "Updated for SDL 5.1"). The updated content in the MSDN library includes all updates automatically," stated Jeremy Dallman.
"The Microsoft Security Development Lifecycle (SDL) process guidance illustrates the way Microsoft applies the SDL to its products and technologies. It includes security and privacy requirements and recommendations for secure software development at Microsoft.
It addresses SDL guidance for Waterfall and Spiral development, Agile development, web applications and Line of Business applications. IT policy makers and software development organizations can leverage this content to enhance and inform their own software security and privacy assurance programs."
More Info: Download