


From a Bill Gates memo to an industry practice: The story of Security Development Lifecycle

Most people would agree that Microsoft has come a long way from the dark days of frequent malware attacks and security flaws making headlines. Microsoft has now shared the untold, and thrilling, story of the Security Development Lifecycle at SDLstory.com with anecdotes of the early days, and never-before-seen video footage and photos of the key players.

While in the earliest days, hacking was just an underground hobby, the media attention that security attacks received made it fascinating for cybercriminals as an opportunity for fame. The romanticism of breaking the web just because you could do it became a high. But as time went on, the attacks became more and more malicious, exploiting software for financial gain.

These vulnerabilities gained media attention while Microsoft was working in a reactive mode. Incidents like these were so significant that they strained the company's ability to provide support to customers. And despite their security efforts, the company was losing the trust of customers.

Within all this mess, Bill Gates sent a landmark memo about software security and trust to all full-time Microsoft employees wherein he coined the phrase 'Trustworthy Computing'.

"… if we don't do this, people simply won't be willing — or able — to take advantage of all the other great work we do. Trustworthy Computing is the highest priority."

Not long after the memo, in February 2002, the unthinkable happened. The entire Windows division shut down and diverted all of its developers to security. Everyone was given training to outline expectations and priorities — threat modeling, code reviews, available tools, penetration testing — all designed to modify the default behavior of the organisation to make it more secure.

Microsoft began reinventing itself as a more secure computing company, and right away there were good results. With new tools, new processes, and a new understanding of the security landscape, integrating security into product development was now a primary focus across Microsoft. And by late 2003, early versions of Microsoft's SDL began to take shape.

Once SDL got approved by the senior leadership, it was mandated to be embedded into the development cycle, updated periodically, and applied to all products and online services that faced meaningful risk. The increased security of Microsoft's own software has been dramatic, in part due to the emphasis on continuing to evolve over the past ten years.

Interestingly, the SDL has had a major impact on the broader industry also. Early on, Microsoft decided to make the SDL's tools, processes and guidance available free of charge to any organization that wanted to adapt it to their own business. As a result, the SDL has not only led to measurable improvements in the security and privacy of Microsoft's software and services, but also to a central shift in software development at many other companies. Two of the world's largest technology companies, Adobe and Cisco, have adopted it.

Since its inception in 2004, and the external release of SDL tools and resources in 2008, Microsoft's SDL guidance has been downloaded more than 1 million times and reached more than 150 countries. From small developer shops to large enterprises, many are seeing benefits from a 'baking security in' approach. The SDL was built on the concept that security should not be an afterthought.

Source: SDL Story

Source: https://www.windowscentral.com/bill-gates-memo-industry-practice-story-security-development-cycle

Posted by: buttsderydeartact74.blogspot.com
