Microsoft Security Development Lifecycle (SDL)

We all know that at one time Microsoft was considered the laughing stock of computer and software security. While it’s debatable whether Microsoft was really much worse than any other software vendor, the fact is that Microsoft’s large installed base made it the focal point for hackers and malware. Exploits at the time were high-visibility events that got a lot of media coverage.

That seems like a hundred years ago to most of us in the Microsoft security community. While security is always a work in progress, Microsoft has gone from what many thought of as the least secure software company in the world to what many consider the most secure software company in the world.

It didn’t happen overnight, and it wasn’t magic or the “power of money”. What enabled Microsoft to turn so quickly from insecure to secure was Bill Gates’ mandate that attention to secure software development would be job one, followed by the implementation of the Microsoft Security Development Lifecycle, or SDL.

The SDL provides processes and procedures that programmers and application developers can use to ensure that software is built with security in mind. Security isn’t “bolted on” afterward. Instead, security considerations, threat modeling and fuzz testing are done throughout development so as to minimize the risk of “surprises”.

The SDL is now part of all software development at Microsoft, and the results of its implementation are astounding. All you need to do is check the reductions in security issues in Windows Vista versus previous Windows client versions, or in Windows Server 2008 compared to previous Windows Server versions.

Microsoft has put together a new landing page for the SDL. You can find it at http://msdn.microsoft.com/en-us/security/cc448177.aspx and get more information about the SDL there. Then, when you’re considering purchasing software from Microsoft or another vendor, ask the other vendor for information on their SDL and details on how they implement it, like the information on the Microsoft SDL page.

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/

Blog: http://blogs.isaserver.org/shinder/
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

One Response to “Microsoft Security Development Lifecycle (SDL)”

  1. puppa jean-noel new jersey Says:

    July 18th, 2008 at 1:06 am

    Bastia,
    July 18, 2008

    Dear sir, Mrs, Miss,

    Would you convey my thanks for the very last e-mail publishing and layout on your website covered by the addition of a module to integrate the function of the register clean windows editions of the family or xp pro and in many cases, the windows vista where many computer program designed to do this task is done correctly, which I believe has attracted a good number etpourquoi all our loyal readers and also convey to you quite another suggestion which is not very normal in the concept and the way it treated all mrenaces that might be detected during a search of the very powerful engine for this task has revelée in its delicate procedure as explained below.
    By conséquentil would be desirable to rethink the basic principle that designs and manages the configuration of our program-squared free online trojan scanner that seems to be lacking was the finalization of the successful search of all threats that are likely to be present on the one or partially integralité our readers our local computer units which does not offer the possibilities of selectionés the various elements detected in a isloés programs that would be expected to be recognized as a threat impunity demonstrated in a concrete manner the spywarefree pc smart solutions or by adding a filter when configuring said online program that offers advantages very beneficial in advanced research of threats that are likely to be detected on our good old personal computer for many drive users of these programs you kindly put at the service of all your faithful scientist who does require very certainly not so much pleasure seems so intense and seems the ideal that level in the perfection of the evolution of our technology an intelligent manner which shall not cease to live or even stop here you’ll find many compliments suscits with many years of work whose many efforts in the rechercjhes are toutela reputation of your website in partnership of some companies.
    Therefore it is sent to you my thanks my thanks for the confidence you give me the reliability and robustness has associated itself excellent and has an aesthetic care of my programs that sometimes parraissent complex and very expensive in the budgetfinanciers investment set by your services and marketing research labotorie allowing the realization of this work to justify my contribution that no one would be denied if it is used so appreciable and intelligement intended solely for purposes extrat professional and not to ill-intentioned individuals acting anonymously as vulgar personages said vandals or voyoux does not respect laws and artistic and literary rights and the copyright laws protect a computer USA and international generosité your ageementer so inegallable that of French and Corsican for what would be m ‘ offer benefits to the quality of my services but also be seen as a faithful reader of your news through a rebate levels disseminated through mode messaging offering a wide variety of very valuable in the quality of layout and richness of the content of subject that is on them that all your faithful readers organizations are an interest become a vital necessities as vital need of our days will be my absolute support for good and the continuation evokution called a forward always so intelligent and so easy all your faithful readers following with interest the information online without your organizations known to be constantly meet their requirements has all expectations at the request of clent … .

    If you are told that they have never done what you had to relieve or do so against a heart that is either physically or financially by the well-being, which justifies that Mom has always had very raison d ‘ she and I shared far and its very high opinion which has been a price to pay reveal as being very expensive, that we have as desunis have always crept anything is wrong or not see the fact imagine having a different view of the world that I never been fa_on pleased with the significant lack of a mother who was then in love and that I would also etais already its human warmth and self-esteem … You know what does go and give me a good reason to want in this damn country or nothing will be implemented to be satisfied ..
    They will be also address my humble thanks to you for sends these bulletins of news of your organizations, which in the deepest respect will be to allure my pleasant personality by the quality of the contents associated has an irreproachable professionalism which would not be too the case of French and Corsican who does not think that of the destruction that has to make since my arrival at French and Corsican and quite front same my birth, with for mention on the conclusion and the summary of the quality of your services at the time of the next surveys or will be mentioned my opinion work carried out and taken knowledge through these known as documents who will be called has to be preserved in the secrecy absolute like it is the need for practised for defense or forces armed and police force but also our secret services which I serve on ordinance allotted by my grandpa and my mom before same my birth and that still for long years has to come in spite from these large plums of which I board be constrained to be victims would not be to destroy tangible proofs being used as incriminating evidences for the instruction of the businesses treated by our services which leave planed a cleanliness which would seem has a good number of French and Corsican to be while being windy itself or as a practitioner the large mouth in the back of course as for to have parts enters the legs symbol of honesty by there stipulating more the interest with the awareness of these documents also judge on the quality of the page layout of or I address to you my excuse for my requirements which are a little too revealing on the concept of my technology but also in the evolution of my spot respectively has to write which wants to be to be soigneus in absoluent & iIn conclusion I address my homages to honour position of secretary general with your organization has this same personality and that with largest and deep respect which is essential for its pleasant personality general under secretary that I would assume the functions as they to me were allotted that same before my birth by my grandpa and my mom Jacqueline lee bouvier of or for more information they will be to ask to you, with gratitude and sympathy imposing itself as a right absolute to request the services envisaged has this effects with the customs with the one and well still the organization of the nato which will have generosity with aimability to answer has your requirements allowing of to raise any doubt which would plane in your spirits. Please consult your account mail at address electronics
    fbise@leo.gov. & criminal investigation naval us navy division in attach all documents charaterizers by stereotype numbers 11. special thank you very much dear sir, mrs, miss with my respectfull.I thank you for holding me to inform thus that of confidence that you have was so kind as to grant to me and dares to hope that this one will not remain without answer of your services and,
    Sincerely yours
    puppa jean-noel new jersey

    my address personal :

    puppa jean-noel new jersey
    buildingg c apart. Number 42
    place paese nuovo
    street royalty
    20600 bastia corsican island
    french
    phone line : 0330495580019
    email address
    new-jersey16@hotmail.fr
    new-jersey@hotmail.fr
    poppa.jean-noel@neuf.fr
