
From a Bill Gates memo to an industry practice: The story of Security Development Lifecycle

Most people would agree that Microsoft has come a long way from the dark days of frequent malware attacks and security flaws making headlines. Microsoft has now shared the untold, and thrilling, story of the Security Development Lifecycle at SDLstory.com with anecdotes of the early days, and never-before-seen video footage and photos of the key players.

In the earliest days hacking was just an underground hobby, but the media attention that security attacks received made them attractive to cybercriminals as an opportunity for fame. The romanticism of breaking the web just because you could became a high. As time went on, the attacks grew more and more malicious, exploiting software for financial gain.

These vulnerabilities gained media attention while Microsoft was still working in a reactive mode. Incidents like these were so significant that they strained the company’s ability to provide support to customers. And despite its security efforts, the company was losing the trust of its customers.

Trustworthy Computing

In the midst of all this, Bill Gates sent a landmark memo about software security and trust to all full-time Microsoft employees, in which he coined the phrase ‘Trustworthy Computing’.

“… if we don’t do this, people simply won’t be willing — or able — to take advantage of all the other great work we do. Trustworthy Computing is the highest priority.”

Not long after the memo, in February 2002, the unthinkable happened. The entire Windows division shut down and diverted all of its developers to security. Everyone was given training to outline expectations and priorities — threat modeling, code reviews, available tools, penetration testing — all designed to modify the default behavior of the system to make it more secure.

Microsoft began reinventing itself as a more secure computing company, and right away there were good results. With new tools, new processes, and a new understanding of the security landscape, integrating security into product development was now a primary focus across Microsoft. And by late 2003, early versions of Microsoft’s SDL began to take shape.

Once the SDL was approved by senior leadership, it was mandated to be embedded into the development cycle, updated periodically, and applied to all products and online services that faced meaningful risk. The improvement in the security of Microsoft’s own software has been dramatic, in part because of the emphasis on continuing to evolve the process over the past 10 years.

Interestingly, the SDL has had a major impact on the broader industry as well. Early on, Microsoft decided to make the SDL’s tools, processes and guidance available free of charge to any organization that wanted to adapt it to their own business. As a result, the SDL has not only led to measurable improvements in the security and privacy of Microsoft’s software and services, but also to a fundamental shift in software development at many other companies. Two of the world’s largest technology companies, Adobe and Cisco, have adopted it.

Since its inception in 2004, and the external release of SDL tools and resources in 2008, Microsoft's SDL guidance has been downloaded more than 1 million times and reached more than 150 countries. From small developer shops to large enterprises, many are seeing benefits from a ‘baking security in’ approach. The SDL was built on the concept that security should not be an afterthought.

Source: SDL Story


Comments


Now that is an interesting and inspiring article at the same time :)

horbeme says:

Glad I'm a Windows PC, phone and tab user.

Dadstar0410 says:

All hail Live Tiles! All hail the future of computing! All hail Microsoft, and the best OSes in the world!

QilleRz says:

True. Looking forward to Microsoft's further development :)

RyanAMG says:

Love articles like this

Aashish13 says:

Baxi, you post great articles.

blackhawk556 says:

I wonder how many times the entire division has shut down to focus on a particular idea like mentioned.

OK, while that's a good article and Bill Gates rocks, we have to look back to a year ago when we and the Germans found Windows had a backdoor security hole to help the NSA with data aggregation. Does this mean they're closing this gap? (Yes, I have a Windows Phone and run Windows 8.1.)

michail71 says:

If you want to feel like a hacker these days, try configuring a new Windows server. :) It's not an easy process unlocking those processes and granting the proper access.

I love Bill! Without doubt in the select few number of people who have truly changed this world!