Process (Security Development Lifecycle)
The Microsoft Security Development Lifecycle (SDL) is the industry-leading software security assurance process. The SDL has played a critical role in embedding security and privacy into the Microsoft software and culture, leading to measurable security and privacy improvements in flagship products such as Windows Vista, Microsoft Office, and Microsoft SQL Server.
- SDL infuses security into the entire software development process: from requirements, through testing, to product release.
- Through education, tools, and the development process, SDL provides a comprehensive solution for developing more secure software.
- SDL was designed as an integral part of the development process.
- SDL includes threat modeling to enable developers to analyze security in a structured and holistic manner.
- SDL requirements and technologies are continuously improved to reflect new security techniques and to respond to new threats.
- SDL is based on risk management, empowering managers to make educated and practical security business decisions.
- SDL reduces the “Total Cost of Development” by finding and eliminating vulnerabilities early.
For more information, see The Microsoft Security Development Lifecycle.
People (Security Assurance)
The Security Assurance team is a group of security experts that helps teams create secure products so the teams can meet or exceed SDL requirements. Security Assurance also influences the design and strategy of the SDL.
The Microsoft Security Science team helps protect customers by improving security and privacy in Microsoft products through applied security research. Security Science develops more effective and scalable ways to find vulnerabilities, researches innovative exploit mitigation techniques and applies them to Microsoft products, focusing on tracking new exploits and providing early warnings about them.
Protecting Microsoft customers throughout the entire life cycle
The Microsoft Security and Engineering Center works with two other Microsoft security centers: the Microsoft Security Response Center and the Microsoft Malware Protection Center to help protect customers throughout the entire software lifecycle: development, deployment, and operations.
Tools and Resources
Mitigating Software Vulnerabilities White Paper
Learn how exploit mitigation technologies can help prevent attacks caused by software vulnerabilities.
!Exploitable Crash Analyzer
This Microsoft Windows debugging extension provides automated crash analysis and security risk assessment.
Software Vulnerability Exploitation Trends
This whitepaper features new research that examines the impact of security mitigations that Microsoft has implemented over time to address software vulnerabilities.