A new publication from Trustworthy Computing entitled “The SDL Progress Report” is now avilable on Microsoft Download Center. This work has been in progress for a number of months and incorporates data and analysis from various groups in our organization.
In this report you’ll learn about the evolution of the Microsoft Security Development Lifecycle (SDL) and the progress Microsoft has made in using the SDL and security science to reduce vulnerabilities and mitigate threats to Microsoft software and services.
“The first section of the document focuses on the history of the Microsoft SDL from its earliest days -highlighting important milestones in the development of the SDL process. As we collated material for this section of the document, it wound up being an interesting history lesson; starting with Bill Gates’ original TwC memo in 2002, it pinpoints the inclusion of many of the processes and technologies over time that make up the SDL as it’s practiced today.
In the second section of the document, Matt Miller did an excellent job at illustrating our ongoing commitment to security science. In addition to going into detail on some of the mitigation techniques required by the SDL, the security science section exposes some interesting data about the adoption of these techniques by a section of the ISV community,” revealed SDL team blog.
More Info: Download