Value Proposition for using the SDL


We’re discussing the value proposition of using the SDL this week. Most folks can articulate why organizations should use the SDL. Some reasons are:

  1. Structured way of ensuring security is built into all application development efforts.
  2. 90% of attacks now take place at the application level.
  3. It costs 30 times more to fix the application at the release stage of the SDL than at the design stage.
  4. Proper threat modeling can help prevent the majority of known hacks in a systematic manner if done at the design phase of the SDL.

But ask someone what the value proposition is for an individual to use the SDL, and they will pause and say, “What do you mean?” Some will even tell you that if it’s good for the organization, then it’s also good for the individual. Actually, I think there are several ways an individual can benefit from learning the Microsoft Security Development Lifecycle (SDL). I think they are:

  1. Learning how the SDL works gives you an additional edge in the job market in today’s economy.
  2. If you know how the SDL works, or even SDL for Agile, you can take that to another company that utilizes them to build applications for Microsoft customers. Microsoft is working with all of its customers to drive awareness for implementing the Microsoft SDL into their customers’ application development processes.
  3. Knowing how the SDL and the SDL security tools work, you can quickly integrate into a new application development team, much quicker than someone who doesn’t know how the SDL works. In this economy, anything that gives you an edge will keep you employed and your mortgage payments getting paid.
  4. Most developers want to do the right thing, and with the SDL you get to systematically build security into your application development efforts. If your applications are secure, you can provide security or privacy to your customers. Without secure applications, online safety for children, teens, and adults will also not be possible.
  5. Security matters. Don’t wait until your application has been hacked, and you get fired. It’s not worth it.

Learn more today about the Microsoft Security Development Lifecycle (SDL) at