Summary and knowledge check

In this module, you learned how Microsoft Online Services implements Microsoft's Security Development Lifecycle (SDL) to build security and privacy into our products and services.

Now that you have completed this module, you should be able to:

  • List the phases of Microsoft's SDL process.
  • Describe the training requirements for all members of Microsoft development teams.
  • Explain how Microsoft development teams practice security and privacy by design.
  • List the automated tools Microsoft uses to find and remediate software vulnerabilities.
  • Explain how Microsoft enforces and tests operational security requirements using ongoing penetration testing.
  • Describe security and privacy review requirements for code approval and release.
  • Explain how Microsoft uses Component Governance (CG) to manage open-source software.

Check your knowledge

1. What is the correct order for the five core development phases of Microsoft’s SDL?

2. How does the Microsoft SDL use threat modeling to improve security?

3. What category of automated tools does Microsoft use to test and validate whether source code contains vulnerabilities?

4. Which of the following does Microsoft use to test the detection and response capabilities of its services?

5. How does Microsoft detect open-source components in its products and services?