Microsoft has reached a significant milestone in its ongoing, company-wide commitment to increasing software security. Earlier this month, the latest versions of three key products – Microsoft Visual Studio 2005, Microsoft SQL Server 2005, and Microsoft BizTalk Server 2006 beta 2 – were launched, becoming the first Microsoft products to have undergone the complete Security Development Lifecycle (SDL) process from inception to release.
Microsoft’s SDL process is a unique approach to software development that reflects the knowledge and best practices learned from focused security efforts over the last three years across all phases of the software development lifecycle. From initial design to final release, every Internet-facing or enterprise-class product offered by Microsoft will go through its comprehensive SDL process. In addition, Microsoft announced that key code analysis and debugging tools developed as part of the SDL process – PREfast and FxCop, among others – are now available to commercial software developers via Visual Studio 2005. Once exclusive to Microsoft, these tools empower independent software developers as they work to reduce software vulnerabilities in applications, write higher quality code, and meet the growing demand for more secure software.
Because the SDL is a foundational element in Microsoft’s overall security efforts, PressPass interviewed Michael Howard, senior security program manager with Microsoft’s Security Technology Unit, to get his perspective on the specifics of these new products and on the overall progress to date of the SDL effort.