What actually makes products more secure? SDL

Common Criteria security evaluations and certifications give us some measurable assurance that products such as Microsoft Windows live up to their security claims. Microsoft has successfully completed these and similar security evaluations since Windows NT v3.5 with US SP3 in 1996.

Over the last decade, many important lessons have been learned – sometimes the hard way – in ways that the security standards could neither predict nor keep up with. We needed something that could actually make our products more secure, with measurable results from the outset of the development process.

The formulation of Microsoft’s best practices in the development of products such as Windows Vista and Windows Server 2008 is the Microsoft Security Development Lifecycle (SDL).

Whether you are a software vendor or an internal developer, I encourage you to read, study, and then adopt the guidance, best practices, and tools found in the SDL. Our mutual customers and our industry are counting on us all to raise the bar for security. Won’t you give SDL a try?

https://msdn.microsoft.com/en-us/security/cc448177.aspx