Jeremy Dallman here to let you know we have released our annual update to the Microsoft Security Development Lifecycle Process Guidance – version 5.1 (SDL 5.1). SDL 5.1 is now available for download (.docx format) as well as updated online in the MSDN library.

This public update of our internal SDL process guidance documentation is intended to provide transparency into how we implement the SDL at Microsoft. The changes in SDL 5.1 continue to demonstrate that the Microsoft SDL is continuously evolving to address new attacks, implement new protections, and improve the security of Microsoft products early in the software development lifecycle.

If you are just beginning your investigation or implementation of the SDL, we encourage you to first read the Simplified Implementation of the SDL paper and some of the additional resources we make available on the Microsoft SDL website. The SDL 5.1 guidance may be a useful resource for organizations whose processes align with Microsoft’s processes or are looking for detailed information on how Microsoft implements the SDL practices.

What is new in the SDL 5.1 documentation?

Since this is a “dot” release, the number of updates is smaller. We have tagged each change within the paper so they can be easy discovered by searching in document for “New for SDL 5.1”, “Promoted requirement for SDL 5.1”or “Updated for SDL 5.1”).  The updated content in the MSDN library includes all updates automatically.

Comments or questions? You can either leave them in the Comments section below or visit the SDL Process Forum to ask questions and discuss your own implementation of SDL security practices in your organization.