Microsoft Software Development Lifecycle Authoritative Source Content

Document created by Susan Read-Miller Employee on May 20, 2018Last modified by Susan Read-Miller Employee on May 18, 2020
Version 4Show Document
  • View in full screen mode

The Microsoft Security Development Lifecycle (SDL) is an industry-leading software security assurance process. A Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in Microsoft software and culture. Combining a holistic and practical approach, the SDL introduces security and privacy early and throughout all phases of the development process. It has led Microsoft to measurable and widely recognized security improvements in flagship products, such as Windows Vista® and Microsoft SQL Server®. Microsoft is publishing the detailed SDL process guidance as part of its commitment to enable a more secure and trustworthy computing ecosystem.

 

The following documentation provides an in-depth description of the Microsoft SDL methodology and requirements. Proprietary technologies and resources that are only available internally at Microsoft have been omitted from these guidelines.

 

Organizations that wish to implement the SDL should read the Simplified Implementation of the Microsoft SDL whitepaper. This whitepaper illustrates the core concepts of the Microsoft SDL and discusses the individual security activities that should be performed in order to follow the SDL process. For the latest information about the Microsoft SDL, resources, and tools, please see http://www.microsoft.com/sdl.

 

Languages

This content is available in English only.

 

Mappings

Mappings for the Microsoft SDL to the RSA Archer Control Standard Library are available in the authoritative source content pack.

 

Content Source

The source of this content comes from the Microsoft SDL Guidelines.

 

Licensing Restrictions

The Microsoft SDL authoritative source content is available with the use of the RSA Archer Policy Program Management, RSA Archer IT Policy Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.

 

For More Information

To learn more about the Microsoft Software Development Lifecycle Authoritative Source Content :

 

For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.

Attachments

    Outcomes