Updated: October 3, 2021 (September 19, 2016)

  Analyst Report

Security Development Lifecycle May Be Outdated

by Rob Sanfilippo

Before joining Directions on Microsoft, Rob worked at Microsoft for 14 years where he designed technologies for Microsoft products and...

The Security Development Lifecycle (SDL) is a set of Microsoft-published software development practices that aim to minimize security vulnerabilities. Documentation, templates, and tools supplied by Microsoft help customers use the SDL, and several updates to these arrived after the strategy’s debut. However, few updates have arrived in recent years, while development trends, such as an emphasis on cloud and mobile solutions, have continued to evolve. Therefore, the SDL may not be adequate for new projects.

Guidance and Tools Offered

The SDL was first published in 2008, but it was used internally by Microsoft for several years before that, having arrived as a product of the company’s Trustworthy Computing Initiative. SDL practices include the following:

  • Creating threat models early in the development process to ensure the product team mitigates the threats in design, coding, and testing
  • Using code-scanning tools during development and testing to help find commonly exploited defects
