• SDL Process: Response

  • This post-release phase centers on the development team being able and available to respond appropriately to any reports of emerging software threats and vulnerabilities.

SDL phases and the 17 SDL practices (the flattened process diagram, laid out by phase):

Training
  1. Core Security Training

Requirements
  2. Establish Security Requirements
  3. Create Quality Gates/Bug Bars
  4. Perform Security and Privacy Risk Assessments

Design
  5. Establish Design Requirements
  6. Perform Attack Surface Analysis/Reduction
  7. Use Threat Modeling

Implementation
  8. Use Approved Tools
  9. Deprecate Unsafe Functions
  10. Perform Static Analysis

Verification
  11. Perform Dynamic Analysis
  12. Perform Fuzz Testing
  13. Conduct Attack Surface Review

Release
  14. Create an Incident Response Plan
  15. Conduct Final Security Review
  16. Certify Release and Archive

Response
  17. Execute Incident Response Plan

  • SDL Practice #17: Execute Incident Response Plan
  • Being able to implement the Incident Response Plan instituted in the Release phase is essential to helping protect customers from software security or privacy vulnerabilities that emerge.
  • The Microsoft Security Response Center (MSRC), a global team working around the clock, identifies, monitors, and resolves security incidents and Microsoft software security vulnerabilities, and delivers security updates and authoritative security guidance.