SDL Process: Response

This post-release phase centers on the development team being able and available to respond appropriately to any reports of emerging software threats and vulnerabilities. It covers the last of the seventeen SDL practices:

  • Core Security Training
  • Establish Security Requirements
  • Create Quality Gates/Bug Bars
  • Perform Security and Privacy Risk Assessments
  • Establish Design Requirements
  • Perform Attack Surface Analysis/Reduction
  • Use Threat Modeling
  • Use Approved Tools
  • Deprecate Unsafe Functions
  • Perform Static Analysis
  • Perform Dynamic Analysis
  • Perform Fuzz Testing
  • Conduct Attack Surface Review
  • Create an Incident Response Plan
  • Conduct Final Security Review
  • Certify Release and Archive
  • Execute Incident Response Plan

SDL Practice #17: Execute Incident Response Plan

Being able to execute the Incident Response Plan created in the Release phase is essential to protecting customers from software security or privacy vulnerabilities that emerge after release.

The Microsoft Security Response Center (MSRC) is a global team that works around the clock to identify, monitor, and resolve security incidents and vulnerabilities in Microsoft software, delivering security updates and authoritative security guidance.