Microsoft Security Development Lifecycle - Secure software made easier.
To mark the 10-year anniversary of the creation of the Security Development Lifecycle, we wanted to tell the behind-the-scenes story of how the SDL came to be. Back in 2004, Microsoft decided that if we were going to succeed at building trust with our customers, security could not be an afterthought when developing our products and services. So how do you get a large organization like Microsoft to prioritize security with thousands of developers writing millions of lines of code? How do you get everyone marching toward the same goal? Hear some of the people behind the scenes in security at Microsoft discuss their journey and how they helped to fundamentally shift the culture within Microsoft. Get the never-before-told inside story on Microsoft security: www.sdlstory.com
Registration is now live for the Security Development Conference 2013, hosted in San Francisco, CA on May 14 – 15, 2013. If you register today you’ll save 50% off the normal registration fee.
This year’s conference will include keynote speakers Edna M. Conway, Chief Security Strategist, Cisco Systems Inc.; Brad Arkin, senior director, Security, Adobe products and services; and Scott Charney, corporate vice president, Trustworthy Computing, Microsoft Corp. Event tracks will include: Engineering for Secure Data, Security Development Lifecycle & Data Security, and Business Risk & Data Security. Track sessions will cover the latest in proven security development techniques that help reduce risk and protect organizations in the ever-changing technology landscape.
The Security Development Conference brings together IT security professionals to network, learn and discuss secure development best practices. Attendees from around the world will hear from leading security experts, build their professional networks, and learn how to implement or accelerate adoption of secure development practices within their own organizations.
For more information, I encourage you to check out the website at www.securitydevelopmentconference.com.
Steve Lipner
Partner Director of Program Management
Microsoft Trustworthy Computing
Doug Cavit here. I’m happy to announce that we have now released The SDL Chronicles. We have been working with many outside institutions to help document their secure application development journey and what they learned. Together, these stories make up The SDL Chronicles. It is really interesting to me to see all these stories collectively rather than as individual pieces. It is much easier now to see the similarities in what all of these institutions underwent in understanding the new, challenging threat landscape. They then built consensus for not just doing the “quick fix” but for solving the problem systemically through a cultural shift. From this effort they were able to realize not only the benefits of enhanced security but also direct benefits for doing the right thing, in terms of more productivity and an excellent ROI. All of these stories conclusively show that process and culture matter, and while it may take some time and resources, the net result is worth the investment.
Last year we released a beta version of our free Attack Surface Analyzer tool. The purpose of this tool is to help software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications. Since the initial launch of Attack Surface Analyzer, we have received quite a bit of positive feedback on the value it has provided to customers. Today we are pleased to announce that the beta period has ended and Attack Surface Analyzer 1.0 is now available for download.