Shostack + Friends Blog Archive


Security Development Lifecycle, the Book

Michael Howard announces the imminent availability of his new book, “The Security Development Lifecycle” by Michael Howard and Steve Lipner:

This time the book documents the Security Development Lifecycle (SDL), a process that we’ve made part of the software development process here at Microsoft to build more secure software. Many customers, press, analysts, and, to be honest, competitors want to know more about what we’re doing in the software engineering space to shore up our software’s defenses. And thanks to the SDL, we’ve seen good progress to date (read: in the range of 50% reduction in vulnerabilities, sometimes more!)

There’s a lot of information about not only what they’re doing, but why, and what happened along the way. I’m looking forward to it.