This weekend, we posted the Security Development Lifecycle document on the Security Developer Center. We’ll headline this a little later today. This article was written by Steve Lipner and Michael Howard. We considered it important enough that we gave the article its own easy-to-remember URL:
Here’s a link and a bit more about the article:
The Trustworthy Computing Security Development Lifecycle
This paper discusses the Trustworthy Computing Security Development Lifecycle (or SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft’s software development process.
Mike has some more information here.