The Microsoft Security Development Lifecycle (SDL): Process Guidance

Starting with the Trustworthy Computing (TwC) directive of January 2002, many software development groups at Microsoft instigated “security pushes” to find ways to improve the security of existing code. However, the reliable delivery of more secure software requires a comprehensive process. To that end Microsoft defined four guiding principles to guide the creation and support of more secure software: Secure by Design; Secure by Default; Secure in Deployment; and Communications (SD3+C). The SDL brings these principles to life, by integrating them into every step of the software development lifecycle.

This page includes information on each of the phases of the SDL and provides links to resources to get your development crew up to speed on how to create secure applications from inception to support:



Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting

PROWESS CONSULTING documentation | integration | virtualization
Email: [email protected]
MVP – Forefront Edge Security (ISA/TMG/IAG)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top