
About Microsoft SDL

In the early 2000s, personal computers (PCs) were becoming increasingly common in the home and the internet was gaining more widespread use. This led to a rise in malicious software looking to take advantage of users connecting their home PCs to the internet. It quickly became evident that protecting users from malicious software was going to take a fundamentally different approach to security.

In January 2002, Microsoft launched its Trustworthy Computing initiative to help ensure Microsoft products and services were built to be inherently highly secure, available, and reliable, and with business integrity. The Microsoft Security Development Lifecycle (SDL) was an outcome of our software development groups working to develop a security model that’s easy for developers to understand and build into their security code.

The Microsoft SDL became an integral part of the software development process at Microsoft in 2004. The development, implementation, and constant improvement of the SDL represent our strategic investment in the security effort. This is an evolution in the way that software is designed, developed, and tested, and has now matured into a well-defined methodology.

Now, over a decade later, the Microsoft SDL continues to be fundamental to how we develop our products and services. With the rise of mobile, cloud computing, Internet of Things, artificial intelligence, and other new technologies, we’ve continued to evolve the practices.

SDL Timeline

The perfect storm 2000-2002: Growth of home PCs, Rise of malicious software, Increasing privacy concerns, Internet use expansion

SDL ramp up 2003-2005: Bill Gates’ TwC memo, Microsoft security push, Microsoft SDL released, SDL becomes mandatory policy at Microsoft, Windows XP SP2 and Windows Server 2003 launched with security emphasis

Setting a new bar 2006-2008: Windows Vista and Office 2007 fully integrate the SDL, SDL released to public, Data Execution Prevention (DEP) & Address Space Layout Randomization (ASLR) introduced as features, Threat Modeling Tool

Collaboration 2009-2011: Microsoft joins SAFECode, Microsoft establishes SDL Pro Network, Defense Information Systems Agency (DISA) & National Institute of Standards and Technology (NIST) specify featured in the SDL, Microsoft collaborates with Adobe and Cisco on SDL practices, SDL revised under the Creative Commons License

Selective tooling and Automation 2012-2018+: Additional resources dedicated to address projected growth in Mobile app downloads, Industry-wide acceptance of practices aligned with SDL, Adaption of SDL to new technologies and changes in the threat landscape, Increased industry resources to enable global secure development adoption