Microsoft recently posted a great story discussing how Microsoft started the SDL (Security Development Lifecycle) in the Windows XP era and how it was later adopted by the software industry. After Windows XP was hit by a series of worm and virus attacks, Microsoft went so far as to halt Windows development and focus on improving the security of the OS. In February 2002 the entire Windows division shut down and diverted all of its developers to security. Everyone was given training that laid out expectations and priorities, covering threat modeling, code reviews, the available tools and penetration testing, all aimed at changing the system's default behavior to make it more secure. The room at the Microsoft Briefing Center was filled to its 950-person capacity twice a day for five days as Lipner and his team worked their way through the sessions. Bill Gates' Trustworthy Computing memo was the turning point at which Microsoft committed to software security. ...