The Security Development Lifecycle

The software industry has been struggling with how to create and release software that is more security-enhanced and reliable— the Security Development Lifecycle (SDL) provides a methodology that works. Adapted from Microsoft’s standard development process, SDL is a critical way to help reduce the number of security defects in code at every stage of the development process, from design to release. In addition to a brief history of the methodology, this book details each stage of the SDL methodology and discusses its implementation across a range of Microsoft software, including Microsoft® Windows Server™ 2003, Microsoft SQL Server™ 2000 Service Pack 3, and Microsoft Exchange Server 2003 Service Pack 1, to help measurably improve security features. Coauthored by Michael Howard and Steve Lipner, you get direct access to insights from Microsoft’s security team and lessons that are repeatable and applicable to software development processes worldwide, whether on a small-scale or large-scale. This book includes a CD featuring videos of developer training classes.