Microsoft Security Development Lifecycle (Microsoft SDL)
Techopedia Explains Microsoft Security Development Lifecycle (Microsoft SDL)
The training phase is essential because practice is considered a requirement for the implementation of SDL. Concepts found in this phase include secure design, threat modeling, secure coding, security testing and practices regarding privacy. The requirements phase, on the other hand, includes establishing the security and privacy that end users require. Creating good quality gates/bug bars and performing security and privacy risk assessments are part of this second phase.
The third phase, design, considers security and privacy concerns, which helps decrease the risk of repercussions from the public. Attack surface analysis or reduction and the use of threat modeling help apply an organized approach to dealing with threat scenarios during the design phase. Implementation of the design should employ approved tools and include the analysis of dynamic run-time performance to check an application’s functional limitations.
The release phase includes the final review of all the security activities that will help ensure the software’s security capacity. The response phase follows the release phase and implements the incident response plan that was prepared during the release phase. This is crucial because it guards end users from software vulnerabilities that can emerge and harm the software and/or the user.