Analyst Report
SDL Series - Article #1: Investigating the Security Development Lifecycle at Microsoft
Published: 10/21/2008
This article is the first in the "SDL series" – a set of 8 articles investigating the Microsoft Security Development Lifecycle. In this series, through extensive interviews and research, the authors pull back the covers on Microsoft's Security Development Lifecycle- a development practice upon which millions of users (and billions of dollars) depend.

Summary
This article kicks off the investigation of the Microsoft Security Development Lifecycle, and sets the stage for a deeper look at security education, team organization, threat modeling, tools, security response, and SDL evolution at Microsoft.
Included in this document
  • Security Features vs. Security Products
  • The SDL, In a Nutshell
  • Proven Effective Methodology
  • Our Methodology
  • About The Authors