Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

New Blog | Microsoft Security Development Lifecycle (SDL)


By Joylynn Kirui


Security and privacy should never be an afterthought when developing software.  A formal process must become standard practice to ensure they are considered at all points of the product's lifecycle. The rise of software supply chain attacks—including the XZ Utils, SolarWinds attack and Log4j vulnerabilities—highlights the critical need to build security into the software development process, from the ground up.  


Over the last 20 years, there have been many improvements to the security development lifecycle (SDL) reflecting changes in internal tools and processes. We are excited to announce that this week, we have updated the security practices on the SDL website, and we will continue to update this site with new information on a regular basis. 


Microsoft Security Development Lifecycle (SDL) Timeline 



Figure 1: Graphic of the SDL Timeline

In the early 2000s, personal computers (PCs) were becoming increasingly common in the home and the internet was gaining more widespread use. This led to a rise in malicious software looking to take advantage of users connecting their home PCs to the internet. It quickly became evident that protecting users from malicious software required a fundamentally different approach to security. 


In January 2002, Microsoft launched its Trustworthy Computing initiative to help ensure Microsoft products and services were built to be inherently highly secure, available, reliable, and with business integrity. 


Read the full post here: Microsoft Security Development Lifecycle (SDL)

0 Replies