In January 2002, many Microsoft software development groups prompted "security pushes" to find ways to improve the existing security code. Under this directive, the Trustworthy Computing (TwC) team formed concepts producing the Microsoft Security Development Lifecycle (SDL).
Established as a mandatory policy in 2004, the Microsoft SDL was designed as an integral part of the software development process at Microsoft. The development, implementation, and constant improvement of the SDL represents our strategic investment to the security effort. This is an evolution in the way that software is designed, developed, and tested and has now matured into a well-defined methodology. Our commitment for a more secure and trustworthy computing ecosystem has also inspired the creation of guidance papers, tools, and training resources available to the public.
click to enlarge