ALERT

[FREE DEMO] Deploy Your Enterprise Cloud in Minutes

Microsoft Security Development Lifecycle (Microsoft SDL)

Definition - What does Microsoft Security Development Lifecycle (Microsoft SDL) mean?

The Microsoft Security Development Lifecycle (Microsoft SDL) is a software development process based on the spiral model, which has been proposed by Microsoft to help developers create applications or software while reducing security issues, resolving security vulnerabilities and even reducing development and maintenance costs. The process is divided into seven phases: training, requirements, design, implementation, verification, release and response.

Techopedia explains Microsoft Security Development Lifecycle (Microsoft SDL)

The training phase is essential because practice is considered a requirement for the implementation of SDL. Concepts found in this phase include secure design, threat modeling, secure coding, security testing and practices regarding privacy. The requirements phase, on the other hand, includes the establishment of security and privacy that end-users require. Creating good quality gates/bug bars, and performing security and privacy risk assessments is part of the second phase.

The third phase, design, considers security and privacy concerns, which helps decrease the risk of repercussions from the public. Attack surface analysis or reduction and the use of threat modeling will help apply an organized approach to dealing with threat scenarios during the design phase. Implementation of the design should employ approved tools and include the analysis of dynamic run-time performance to check an application’s functional limitations.

The release phase includes the final review of all the security activities that will help ensure the software’s security capacity. After the release phase comes the response phase to implement the incident response plan that was prepared during the release phase. This is crucial because it guards end-users from software vulnerabilities that can emerge and harm the software and/or the user.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
Tweat cdn.techopedia.com
"Techopedia" on Twitter


'@Techopedia'
Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Resources
The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.