SDL Helps Build More Secure Software
The SDL Helps You Build Software That’s More Secure by Reducing the Number and Severity of Vulnerabilities in Your Code
The ultimate test of the SDL is the extent to which it can reduce the number and severity of vulnerabilities in software. In order to measure the extent to which these goals are met, security experts analyzed public vulnerability counts in "pre-SDL" and "post-SDL" versions of the same product in the 12 months (or more) following the release.
Although these results do not imply that all vulnerabilities will be found, the examples below demonstrate the effectiveness of the SDL in reducing the number of security vulnerabilities of products that were developed with it.
Microsoft Windows: 45% Fewer Vulnerabilities in Windows Vista
Windows Vista was the first Microsoft operating system to benefit from the SDL. After the first year, Windows Vista had 45% fewer vulnerabilities than Windows XP. In a comparison of security vulnerabilities, Windows Vista also fares better than competing operating systems.
Microsoft SQL Server: 91% Fewer Vulnerabilities in SQL Server 2005
SQL Server serves as an excellent example of the security improvements that result from incorporating the SDL. In the three years after release, Microsoft issued three security bulletins for the SQL Server 2005 database engine.
Case Study: MidAmerican Energy uses SDL to make its software more secure.
MidAmerican Energy adopted the Microsoft SDL and reduced the number of vulnerabilities in a critical web application from 14,000 high-risk threats to fewer than 100 within 273 days. 350 days after SDL implementation, external auditors reported that MidAmerican Energy was the only business unit in the holding company to have no security vulnerabilities.
The MidAmerican SDL Chronicles reviews this 273-day quest to transform MidAmerican Energy’s process and culture toward making its software more secure.
