The Microsoft SDL – Founding a Culture of Security

MediaPro Product Project Manager Jenn Wraspir writes about the Microsoft Security Development Lifecycle.
Can you remember the first time you heard the words cyberattack or cybersecurity? They’re now used in conversations every day; they’re part of our digital landscape.
In July of 2001 Microsoft experienced its first cyberattack, Code Red. Hackers created malicious software hoping to break the web. Since then hacking has become pervasive. You likely know about high-profile breaches at Anthem and Target. Last fall’s attack on Home Depot may result in $3 Billion in fake charges and more than $2 Billion in actual losses.
Microsoft recently released Life in the Digital Crosshairs, a compelling and beautifully presented online story that shares the company’s early experiences with hacking attacks and how it developed a strategy and culture to secure its software. Central to Microsoft’s story is the creation and adoption of the Security Development Lifecycle (SDL). Developers learn why they must build security into their software from the start.

Organizations have recognized that security efforts during development are no longer optional.

Awareness has grown exponentially, and many organizations are now demanding a security development lifecycle when developing and adopting technologies.

Prescriptive security development practices are rapidly becoming competitive differentiators in the marketplace.

Tim Rains
Director, Microsoft Trustworthy Computing

Since SDL’s inception in 2004 the program has evolved and SDL remains a strategic investment for Microsoft. Other companies, like Adobe and Cisco, adopted the Security Development Lifesycle for themselves.
Visit Life in the Digital Crosshairs and read the complete Microsoft SDL story for yourself.

Share this Post