VISUG discusses the Security Development Lifecycle

It looks like 2 of the Belgian INETA user groups decided to make it a User Group Wednesday on October 25. Both FxUserGroup and VISUG are organizing a free event.

The VISUG meeting, with Wim Verhaeghen as guest speaker, will be covering the Security Development Lifecycle.

More details on the meeting:

When: Wednesday October 25, 19:00 – 21:30
Where: Ordina, Boomsesteenweg 28, 2627 Schelle
Food: 18:30 - 19:00
How to register: Confirm your presence by leaving a comment over here

Description:
The software industry has been struggling with how to create and release software that is more security-enhanced and reliable. The Security Development Lifecycle (SDL) provides a methodology that works; it is a critical way to help reduce the number of security defects in code at every stage of the development process, from design to release. When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities. During this presentation Wim Verhaeghen will introduce you to the process of developing software that needs to withstand malicious attack.

Last week I noticed the availability of this previously internal-only document, "Privacy Guidelines for Developing Software Products and Services". This covers one of the aspects of the SDL and is very useful for customers and partners looking for privacy guidelines for developers.

Failing to protect customer privacy can lead to an erosion of trust. Over the last several years, Microsoft has established extensive internal guidelines for developers that help them protect customer privacy, give them a view into customer expectations and global privacy laws, and document the hard lessons we’ve learned. These guidelines have been engrained in our development process and are now incorporated into the Security Development Lifecycle (SDL). The impact has been felt across Microsoft’s products and services.
In response to requests from customers, partners, ISVs, educators, advocates, and regulators, we created a public set of privacy guidelines for developing software products and services. These guidelines are based on our internal guidelines and our experience incorporating privacy into the development process. By documenting our principles, we hope to help anyone building products and services to meet customer expectations and deliver a more trustworthy experience.
As the threat landscape escalates, customers are feeling less able to control access to their personal information, so consumer trust is waning. As an industry, we need to set a high bar for respecting customer privacy, to help build greater trust in the Internet and e-commerce. We want to foster an open dialogue with others in the industry so we can build a common set of privacy best practices to help meet our privacy obligations and increase customer trust. We are pleased to offer our guidelines as a starting point to accelerate this effort.

You can get the document from the Microsoft download center.
