Microsoft Releases First Ever Security Development Lifecycle Progress Report

Microsoft released its first ever Security Development Lifecycle (SDL) Progress Report today, outlining nine years of progress developing, improving and adopting the SDL process.

The new SDL Progress Report provides IT business decision makers with a correlation between secure development, reduced attacks and business efficiencies. Using both Microsoft and outside information, the report concludes that adopting secure development processes, like the SDL, can identify vulnerabilities earlier and offset the costly cycle of addressing vulnerabilities at the end of the development cycle or after an attack.

The document also shows how a two-pronged approach, combining technology (i.e. defense-in-depth features, tools, etc.) and processes, can enhance the benefits of secure development. Finally, the new report shows where security mitigations built into Windows operating systems have gained the most traction among industry application developers.

More information and a download of the report are available here.

Related Column: Lessons from the Trenches on Implementing a Secure Development Lifecycle

Related Column: Implementing a Secure Development Lifecycle: The Importance of Executive Support