Michael Howard on the early days of SDL

We’ve been posting recently about Microsoft’s Security Development Lifecycle (SDL). Michael has just started telling the story of how the SDL came to be over at the SDL blog, and Microsoft Press is proud to have played a small role in the tale:

Early in 2001 David LeBlanc and I lamented the deluge of email we constantly received asking pretty basic security questions; so rather than whine and complain we thought we would write a little book that covered some of the basics so we could focus on the ‘hard problems.’ That book was “Writing Secure Code” (aka WSC) named after Steve Maguire’s excellent “Writing Solid Code.” I think it’s fair to say WSC was the secret weapon that helped scale our early security work because we simply gave every engineer at Microsoft a copy and told them to read it!

I have a pretty good idea how it ends (although, of course, security never ends), but I’ll keep following the story nonetheless. :-)