Microsoft is making it easy for third-party developers to bulletproof their software using the same security assurance process that the company applied when building products such as Windows 7 and Windows Vista. In this sense, the software giant continues on a path it set on a few years back when it started sharing resources and guides associated with the Microsoft Security Development Lifecycle with the developer community. Devs looking to secure their software leveraging the same range of security activities used by Microsoft in developing solutions starting with Vista can take advantage of such resources as the Simplified Implementation of the Microsoft SDL white paper, which can be grabbed from the Microsoft Download Center.
“Because Microsoft created the SDL, some people think they have to have Microsoft-like resources to be able to implement it,” revealed David Ladd, principal security program manager of Microsoft’s SDL Team. “It’s true that we do invest a lot in the SDL, but that’s largely because we have so many products that go through it. This paper sets out how any development team — even teams of eight to 10 developers — can implement the SDL.” More »