The impact of the SDL on Microsoft SQL Server


Following on from my recent post about Windows Vista security and the SDL, a number of people have indicated to me that obviously it’s a fluke. It’s important to point out that the reason I talk about Windows Vista so much is because I work in the Windows Division. The SDL was born in Windows.


But the SDL extends across Microsoft, not just Windows. So if the SDL works, wouldn’t we see vulnerability reduction in other Microsoft products too? Er, yes!


Take a look at a blog post Jeff just made and you’ll see what I mean.

Comments (1)

  1. Thomas Garnier says:

    Hi,

    I did look at Vista assembly code in many ways. Like my first reported vulnerability:

    Microsoft Windows Vista Local Privilege Escalation Vulnerability (MS07-066):

    http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx

    I already looked at components in Windows Vista and compared with prior versions. We can discuss how SDL is applied and its impact on performance. But we can’t deny that it drastically improves Windows environment security.

    It does not mean security vulnerabilities have disappeared but it’s far harder to find vulnerabilities in Vista. SDL is a great thing and you did an amazing job. Keep it going!
