The Security Development Lifecycle (SDL) is the software security assurance process used at Microsoft to develop more secure software. The first version of the SDL, which focused heavily on client/server apps, dates back to 2002. Later versions expanded their scope to include teams that design and build Web apps. The Windows Live team adopted many of the newer Web-focused requirements of the SDL before these requirements were incorporated into the SDL itself.
This paper summarizes these new features, describes the process that the Live team followed to roll out the SDL, and captures some of the lessons that they learned along the way. It also describes how the Live team's use of the SDL has evolved, starting with Windows Live Wave 2, through Live Wave 3, and on to the upcoming release, Wave 4.