Microsoft Talks About SDL And How It Changed The Security Landscape In The Software Industry


Microsoft recently posted a great story on how it started the SDL (Security Development Lifecycle) in the Windows XP era and how the software industry adopted it. After Windows XP was affected by various worm and virus attacks, Microsoft even stopped the development of Windows and focused on improving the security of the OS.

Thus, in February 2002 the entire Windows division shut down and diverted all of its developers to security. Everyone was given training to outline expectations and priorities — threat modeling, code reviews, available tools, penetration testing — all designed to modify the default behavior of the system to make it more secure. Their room at the Microsoft Briefing Center was filled to its 950-person capacity twice a day for five days as Lipner and his team worked their way through.

Bill Gates’ Trustworthy Computing memo was the turning point in Microsoft’s history, shifting its focus to software security.

Pittaway’s modern-day take echoes Bill Gates’ early vision, reinforcing the central need for, and importance of, security in technology. In his memo Gates predicted that “within 10 years, computing will be an integral and indispensable part of almost everything we do.” He was right, and with the threat of cybercrime not going away, we should all be asking how securely built is the technology we’re using right now?

The SDL was built on the concept that security should not be an afterthought. Today that approach is as important as ever. With technology becoming more and more woven into the fabric of society, cybercriminals continue to probe for cracks in the system, whether it’s at a company or in someone’s smartphone. Bottom line — the industry must evolve and no longer treat computer security as an afterthought. There’s just too much at stake to do otherwise.

Read the fascinating story at the link below.

  • Nham Thien Duong

    This is actually great, let’s be honest since 2001 there haven’t been any major virus or worm attacks, the last “great one” was the Filipino ILOVEYOU virus in 2000, which caused 5 to 8 billion $ in damages worldwide, 10% of the internet was affected, afterwards we haven’t seen anything like it, I remember having read somewhere that 60% of all internet websites are or contain Windows-targeted viruses, yet only a very few people actually click on any, Microsoft was simply successful, I don’t know many people that still get viruses today, and most of my friends are glued to their P.C.’s at least 18 hours a day, so I’d say that major viruses are a thing of the past, and we can thank Microsoft for that, of course I would still see a major Mac virus coming in the future, something I do hope is that people will realise that Windows XP simply doesn’t have the capabilities of Windows Vista, 7, and 8.X (8 & 8.1 (Blue)) which are all designed to handle malware, or the fact that a virus or worm in Windows R.T. won’t even get out of the sandbox (though I wonder if some apps will allow users to store malware in their folders in the form of “normal files”. :-) but you can always report those, so far Microsoft has successfully fought these threats, of course spyware and other malware remain, but they’re not as dangerous as they were 15 years ago. :-)