The Security Development Lifecycle (SDL). Advantage, Microsoft

Enterprise Strategy Group analyst Jon Oltsik has published a non-commissioned research note lauding Microsoft’s efforts to develop industry leading secure coding practices through its Security Development Lifecycle (SDL). The report gives a historical perspective of Microsoft’s efforts, summarizes progress the company has made with SDL and encourages other software vendors to follow Microsoft’s lead to implement an SDL-like processes.


From the ESG Web site:

When it comes to Microsoft and security, few people ever mention Microsoft’s Security Development Lifecycle (SDL). ESG believes this is an unfortunate omission. The fact is that Microsoft’s commitment to SDL is an area of stealthy security leadership. ESG believes that other ISVs should embrace an SDL model as soon as possible and that enterprise organizations should mandate that technology vendors establish a measurable and transparent SDL process by 2008 or risk losing business.

You can get the report from