Security Development Lifecycle (baking it in)
2 minutes to read
In this article
Security, like User Experience, is not something that can be bolted on, provided by an add-in, or added after the fact. Truly secure, survivable systems have to be designed in that manner all the time. The
SDL focuses on Education, Process Improvement, and Accountability.
Education – teaching developers secure design principles and secure coding techniques
Process Improvement – Implementing SDL on product and project teams to reduce vulnerabilities and focus the team on security and privacy
Accountability – Keeping security requirements, design features, and defects traceable throughout the lifecycle
tools for each step of the SDL that help your team focus on hardening your app through the development lifecycle.
Requirements – Security Development Lifecycle templates to track security throughout the development lifecycle.
Design – The SDL Threat Modeling Tool allows you to design your solution and track
STRIDE threats against each component. Implementation – Static Analysis tools including
FxCop and CAT.NET scan your code for insecure functions and suspect data flows. Verification –
Attack Surface Analyzer looks at the deployment environment to ensure you are deploying into a secure environment. Release – SDL templates to document the security posture of the current version and track new requirements for the next release.
Even more information is available from the
SDL team blog.