For those of you who haven’t heard of it, the Microsoft Security Development Lifecycle (SDL) is “A Microsoft-wide initiative and a mandatory policy since 2004, the SDL introduces security and privacy early and throughout the development process. Combining a holistic and practical approach, the SDL is risk-based with the goal of protecting end-users by reducing the number and severity of vulnerabilities in code.”
As a company, Microsoft has received lots of recognition for SDL. Customers often ask “How does Microsoft build software?” That’s not an easy question to answer, because different teams used different processes depending on size, preference, etc. On thing that’s consistent though is that every team uses SDL. So can you!
“The Microsoft SDL - Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices.”
Seriously, why wouldn’t you take the time to review this? Are you using Team Foundation Server? Amongst tons of other great resources from the link above, you will find SDL Process Templates for VSTS. No excuses. Like Nike says, “Just Do It!”