Great blog post by Steven Sinofsky from the Windows division, reminding folks that Windows 8 is going to be built using the Microsoft SDL. From the blog post:


Secure by design

We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:

  • Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
  • Writing secure code. Training and code quality tools help to prevent common coding issues from entering the Windows source code.
  • Penetration testing. Security engineers take an attacker’s perspective when reviewing a completed set of features that make up a scenario.
  • Security code reviews. Security engineers provide additional security-oriented code reviews for highly sensitive components.
  • Security tools. Tools continuously updated with the latest state of the art in finding and exploiting software provide a scalable solution to improve existing code.


Protecting you from malware - Building Windows 8 - Site Home - MSDN Blogs