Analyst Report
SDL Series - Article #7: Evolution of the Microsoft Security Development Lifecycle
Published: 6/2/2009
This article is the seventh in the "SDL series" – a set of 8 articles investigating the Microsoft Security Development Lifecycle. In this series, through extensive interviews and research, the authors pull back the covers on Microsoft's Security Development Lifecycle, a development practice upon which millions of users (and billions of dollars) depend.

Summary
In this article, you will see how lessons learned over the years have fed back into the SDL to increase its effectiveness. The SDL today is the product of lessons learned across many products, over many years.
Included in this document
  • Drivers of Security-Related Development Changes
  • Evolution of Threat Modeling
  • Emergence of Fuzz Testing
  • Evolution of Static Analysis
  • Measuring the Effectiveness of Secure Coding Practices
  • SDL Changes for Windows Vista Development
  • SDL Change Process
  • Evolving the Microsoft Security Culture
  • Looking at Security Data Across the Industry