An analyst report from Cascade Insights covers the Security Development Lifecycle applied at Microsoft. From the website:

This article is the fifth in the "SDL series" – a set of 8 articles investigating the Microsoft Security Development Lifecycle. In this series, through extensive interviews and research, the authors pull back the covers on Microsoft's Security Development Lifecycle, a development practice upon which millions of users (and billions of dollars) depend.

Summary

Microsoft makes heavy use of tools throughout the Security Development Lifecycle. In this article, you will see how tools assist in threat modeling, code analysis, and penetration testing.

Included in this document

  • The Microsoft SDL
  • Threat Modeling Tools
  • Compiler and Linker Protections
  • Code Analysis Tools
  • Manual Code Inspection
  • Fuzz Testing
  • Benefits and Limitations
  • About the Authors