Lipner - the co-creator of the Security Development Lifecycle (SDL), which Microsoft has been using internally since the early part of the decade - told Infosecurity that the software giant is keen to get its partners to adopt the best practices, which it has enshrined in a guide for programmers.
The company recommends that users take the following proactive steps: understand the Microsoft security update process and terminology; ensure that all third-party applications are being updated regularly by the vendor; ensure that a customer's development team is using the Security Development Lifecycle (SDL) or a similar software security assurance process; and ensure that policies are in place to help secure all file shares and regulate the use of removable media.
Even Microsoft's top expert on designing software with security in mind -- a process Microsoft calls Security Development Lifecycle, or SDL -- has admitted that it is virtually impossible to catch some kinds of bugs without tedious line-by-line review of the code, something even Microsoft is hard-pressed to do.
Byline: Mamta03 As part of its Security Development Lifecycle (SDL), Microsoft has now made a tool available to allow programmers to integrate the knowledge accumulated through SDL into their software development environment.
Our commitment to the Security Development Lifecycle (SDL) and our constant focus on building defense-in-depth into our products and services ensures each release is better than the last.