• Benefits of the SDL

    • More Secure Software
  • The SDL Helps You Build Software That's More Secure by Reducing the Number and Severity of Vulnerabilities in Your Code
  • The ultimate test of the SDL is the extent to which it can reduce the number and severity of vulnerabilities in software. In order to measure the extent to which these goals are met, security experts analyzed public vulnerability counts in "pre-SDL" and "post-SDL" versions of the same product in the 12 months (or more) following the release.
  • Although these results do not imply that all vulnerabilities will be found, the examples below demonstrate the effectiveness of the SDL in reducing the number of security vulnerabilities of products that were developed with it.
  • Microsoft SQL Server: 91% Fewer Vulnerabilities in SQL Server 2005
    • SQL Server serves as an excellent example for security improvements resulting from incorporating the SDL. Within the three years after release, Microsoft has issued three security bulletins for the SQL Server 2005 database engine.
    • Vulnerabilities reduction after SDL implementation

      click to enlarge

    • Help Address Compliance Requirements
  • Organizations that develop software need to comply with a variety of complex, ever-changing regulations. Incorporating the SDL into the application development process helps meet compliance requirements and produce a return on investment (ROI) by guiding organizations to make smart choices early in the design process, thereby minimizing expensive inefficiencies.
  • The SDL encourages organizations to:
      • Go beyond today's compliance requirements, enabling organizations to take a proactive, forward-thinking approach.
      • Eliminate redundancies and coordinate processes, thereby streamlining the efficiency of application development.
      • Improve productivity while helping ensure compliance.
      • Improve application security with a holistic, step-by-step approach.
      • Improve productivity while helping ensure compliance.
    • Compliance Infographic
    • Reduce Costs
  • SDL Helps Reduce the Total Cost of Development
    • The National Institute of Standards and Technology (NIST) estimates that code fixes performed after release can result in 30 times the cost of fixes performed during the design phase. Additional costs may include a significant loss of user productivity and confidence. The SDL systematically addresses software security during the development phase, ensuring that vulnerabilities are more likely to be found and fixed prior to application deployment and thereby reducing your total cost of software development.
    • Reduce the Total Cost of Development

      click to enlarge

  • Analyst reports: Microsoft SDL adoption producing a better ROI
  • The Forrester Consulting State of Application Security study reported that organizations implementing an SDL process showed better ROI results than the overall surveyed population.

    Aberdeen Group demonstrated how adopting an SDL process increases security and reduces the severity and cost of vulnerability incidents while generating a stronger return on investment (four-times higher) than other application security approaches.
  • SDL Progress Report