The SDL Chronicles: Diverse Companies and Industries Share the ROI of Security Development Processes
Doug Cavit here. I’m happy to announce that we have now released The SDL Chronicles. We have been working with many outside institutions to help document their secure application development journey and what they learned. Together, these stories make up The SDL Chronicles. It is really interesting to me to see all these stories collectively rather than as individual pieces. It is much easier now to see the similarities in what all of these institutions underwent in understanding the new, challenging threat landscape. They then built consensus for not just doing the “quick fix” but for solving the problem systemically through a cultural shift. From this effort they were able to realize not only the benefits of enhanced security but also direct benefits from doing the right thing, in terms of more productivity and an excellent ROI. All of these stories conclusively show that process and culture matter, and while it may take some time and resources, the net result is worth the investment.
Today I did some color-blocking. This means I put on an outfit with two colors – black and navy, interspersed from head to toe. In doing so, I was updating my look and getting a little more modern as a result! With technology, there’s always something new and interesting to modernize the ways we live our lives. It might be a new phone (I picked the Windows 8 HTC), or it may be Skype-coaching my mother, who is absolutely enamored with the product, uttering “I see you, I see you!” each time the session engages, and who was most intrigued by the ability to talk and text at the same time.
As technology continues to evolve and influence our digital lifestyles, we must be ready to adapt and respond to both enjoy the potential of new things and understand how to use them safely. The topic of online safety is one we’ve been investing in for years, yet there’s always something that comes along prompting new learning and information.
The SDL Chronicles: Free resources to help drive SDL adoption and realize solid return on investment
The Microsoft Security Development Lifecycle (SDL) has been used at Microsoft for more than eight years to help reduce the number and severity of vulnerabilities in Microsoft products and services, thus limiting the opportunities for attackers to compromise computers. Microsoft has freely shared the processes, tools and guidance that form the SDL for more than five years to help our customers, partners and industry colleagues also develop more secure software. However, it can be difficult to make a business case for the adoption and enforcement of a software development process that could be perceived as a “development tax”.
Microsoft’s Free Security Tools – A Deeper Look at XSS Attacks and Microsoft’s free Anti-Cross-Site Scripting Library
Three key objectives of information security are to maintain the confidentiality, integrity and availability of an organization’s information. Most of the conversations I have with security professionals seem to revolve around the confidentiality and integrity of data. The topic of availability is typically broached only in discussions regarding DDoS attacks or hacktivism. But more and more of the security professionals I have been talking to lately have been interested in topics related to reliability and availability; as their organizations adopt cloud services, more people seem to be interested in these topics.
When I write “availability” I mean that information and services can readily be accessed with a high level of Quality of Service.
Fewer than 15 percent of U.S. undergraduates are pursuing degrees in science and engineering. U.S. math and science test scores lag those of other nations, chiefly China and India. U.S. high schools are falling behind the rest of the world in computer science, and too few women and minorities are employed in science, technology, engineering and math (STEM) fields.
STEM subjects are arguably the foundation of our global economic future. Such skills are essential for almost any job, and are certainly imperative for nations to compete in an evolving marketplace. Indeed, STEM expertise likely holds the key to daunting global challenges, such as healthcare, hunger, poverty, and climate change. The U.S. Labor Department projects that by 2014, the U.S. will have more than two million job openings in STEM fields. The bottom line is: Will we be able to fill them?