Microsoft Security Development Lifecycle (SDL)

With the rapid increments  in use of  Application Softwares, the Attacks are also increased that poses a significant threat to your information. A poorly developed application can open your system to attacks. So, the SDL Network was created by Microsoft to reduce software maintenance costs by increasing reliability of softwares and  to address the challenges developers are facing with the increasing shift of attacks to the application layer.

This concepts were formed with the Trustworthy Computing (TwC) directive of January 2002. At that time, many software development groups at Microsoft instigated “security pushes” to find ways to improve the security of existing code.

Since 2004, Microsoft Security Development Life Cycle(SDL) is mandatory software development policy for all products with meaningful business risk and/or access to sensitive data and SDL was designed as an integral part of the development process.

Security Development Process (SDL) Process :

Secure by Design; Secure by Default; Secure in Deployment; and Communications (SD3+C) were guiding principle defined  by Microsoft to guide the creation and support of more secure software.The SDL brings these principles to life, by integrating them into every step of the software development lifecycle

There are total 7 Development Phase of SDL activities:

  1. Training : Get informed about security basics and recent trends in security and privacy.
  2. Requirements: Analyzing security and privacy risk , Defining quality gates
  3. Design : Threat modeling , Attack surface analysis
  4. Implementation: Specifying tools, Enforcing banned functions, Static analysis
  5. Verification: Dynamic/Fuzz testing , Verifying threat models and attack surface
  6. Release: Response plan ,making Final security review , Releasing archive
  7. Response: Response execution

For more information on the SDL Process, read the SDL Process Guidance.


Benefits of the Microsoft SDL
  1. Reducing the number of software vulnerabilities
  2. Reducing the “total cost of development” by finding and eliminating vulnerabilities early.


Measurable Security Improvements

Windows Vista was the first OS to benefit from the SDL, and the illustration below indicates security improvements derived from the SDL when compared to Windows XP.

View Complete list here


Educate yourself and your peers on how to build more secure applications and services!

The Microsoft SDL – Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices.

Download the complete Microsoft SDL – Developer Starter Kit

Reference: SDL Home | SDL Blog  | Security Forums