Updated: July 13, 2020 (February 20, 2006)


Security Development Lifecycle


As a key part of its Trustworthy Computing Initiative, Microsoft reassessed and updated each phase of its internal development lifecycle to add security-focused activities and deliverables.

These activities and deliverables, collectively known as the Security Development Lifecycle (SDL), include the following:

  • Developing threat models early in the process to ensure the product team understands potential attack vectors, characterizes the security of their features, and determines threats early so that they can be mitigated during design, coding, and testing phases
  • Using static analysis code-scanning tools (such as PREfast) during development and testing to help find possible defects in the product’s source code, including buffer overflows, which are a common attack vector exploited by malicious code
  • Conducting code reviews and security testing at various phases of product development
  • Subjecting products to a final security review by a team independent of the development group
