Microsoft Talks About SDL And How It Changed The Security Landscape In The Software Industry


Microsoft SDL

Microsoft recently posted a great story discussing how Microsoft started the SDL (Security Development Lifecycle) in the Windows XP era and how it was adopted by the software industry. After Windows XP was affected by various worm and virus attacks, Microsoft even stopped the development of Windows and focused on improving the security of the OS.

Thus, in February 2002 the entire Windows division shut down and diverted all of its developers to security. Everyone was given training to outline expectations and priorities — threat modeling, code reviews, available tools, penetration testing — all designed to modify the default behavior of the system to make it more secure. Their room at the Microsoft Briefing Center was filled to its 950-person capacity twice a day for five days as Lipner and his team worked their way through.

Bill Gates’ trustworthy computing memo was the turning point in Microsoft’s history to focus on software security.

Pittaway’s modern-day take echoes Bill Gates’ early vision, reinforcing the central need for, and importance of, security in technology. In his memo Gates predicted that “within 10 years, computing will be an integral and indispensable part of almost everything we do.” He was right, and with the threat of cybercrime not going away, we should all be asking how securely built is the technology we’re using right now?

The SDL was built on the concept that security should not be an afterthought. Today that approach is as important as ever. With technology becoming more and more woven into the fabric of society, cybercriminals continue to probe for cracks in the system, whether it’s at a company or in someone’s smartphone. Bottom line — the industry must evolve and no longer treat computer security as an afterthought. There’s just too much at stake to do otherwise.

Read the fascinating story at the link below.

http://www.microsoft.com/security/sdl/story/
