Microsoft SDL Progresses
Announcements at Black Hat DC demonstrate software assurance commitment and leadership
By joltsik on Wed, 02/03/10 - 7:42pm.
“This particular Microsoft announcement won't get much play compared to, say, the Windows 7 announcement, but as a security insider I think it is important for several reasons:
1. It is easy to blame Microsoft for security problems, but these accusations are often based on history, not present reality. The fact is that all of Microsoft's products go through SDL and Microsoft is promoting SDL on its own dime. Yes, other software vendors have their own software assurance processes and tools, but no other vendor is as open about its own SDL or working as hard to stress the importance of secure software development.
2. SDL is growing on all fronts: the model itself, adaptation to different development models, integration with development and testing tools, and more and more professional services firms. Again, Microsoft isn't making money on SDL but it continues to invest here.
3. If you don't know SDL, you will soon. Whether it is Microsoft's SDL or another similar model, secure code development will become a standard in the near future. Why? As the Federal Government embraces cyber supply chain assurance, you won't be able to sell ANY technology products to the government unless you adhere to an SDL model. The same will hold true in other critical infrastructure industries like financial services, telecommunications, utilities, etc.”