Microsoft aims to revise the SDL
Microsoft aims to revise the Security Development Lifecycle (SDL), the process it follows when producing software. The SDL is a mandatory process used internally at Microsoft during the development of its products, and Microsoft began to share its SDL expertise and tooling with customers last year.
Researchers at Microsoft will work on reshaping the SDL tools that are vulnerable to threats. The researchers will also coordinate with external consultants.
“As we learn about vulnerability types, we address them with the compiler,” said Michael Howard, principal security program manager of the SDL Team. “The Visual C++ compiler offers a lot of defenses for free.
“I spend hours each day reading security research, draft documents on security protocols, and about the security implications of some technologies to stay on top of what happens in this industry.”
While that research often results in Microsoft adapting its technologies and SDL requirements to address vulnerabilities, the company is acutely aware that additional requirements can hold products up. To balance security with its need to ship software, Microsoft tests new SDL requirements across the company before they become mandatory, Howard said. “Lots of rigor goes into making a requirement,” he added.