lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <DAC3B5AD396A0C498B8C0717899D078004D64E84@RED-MSG-41.redmond.corp.microsoft.com>
Date: Tue, 22 Mar 2005 15:11:51 -0800
From: "Michael Howard" <mikehow@...rosoft.com>
To: <bugtraq@...urityfocus.com>, <secprog@...urityocus.com>,
	<NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM>
Subject: Security Development Lifecycle Whitepaper Available


Microsoft has made publicly available our Security Development Lifecycle
(SDL) paper at http://msdn.microsoft.com/security/sdl. 

The SDL is the process that Microsoft has implemented for the
development of software that needs to withstand malicious attack. The
process encompasses the addition of a series of security-focused
activities and deliverables to each of the phases of Microsoft's
software development process. These activities and deliverables include
the development of threat models during software design, the use of
static analysis code-scanning tools during implementation, and the
conduct of code reviews and security testing during a focused "security
push". Before software developed under the SDL can be released, it must
undergo a Final Security Review by a team independent from its
development group. When compared to software that has not been subject
to the SDL, software that has undergone the SDL has experienced a
significantly reduced rate of external discovery of security
vulnerabilities. This paper describes the SDL and discusses experience
with its implementation across Microsoft software.

Cheers, Michael

[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ