The Security Development Lifecycle (SDL)

Writing secure code is absolutely critical. It requires training, experience, education and process. In the modern world software gets very complex, and building it securely requires a scientific approach. A discipline has arisen to meet this need.

In this discipline a handful of heroes have arisen. With this post I’d like to focus on one of the champions of this discipline, Michael Howard of Microsoft.

Michael is renowned globally for his work on the critically important construct of the Security Development Lifecycle (SDL).

As a security engineering process, SDL has proven to be incredibly important for reducing the rate of vulnerabilities in software. This process is relevant for IT firms producing consumer or enterprise products as well as for systems integrators producing systems and solutions. The SDL is also critically important for government IT professionals to understand, since it can help shape requirements and ensure the quality of software being delivered.

Which brings me to the reason I wanted to single out Michael for this post. I’ve just received word that he has accepted a position at Microsoft where he will be able to make more direct contributions to federal security activities. He has joined the new Cybersecurity team of the Microsoft Public Sector Services group where he will be focusing on helping customers in the architecture, design and implementation of secure software development practices.

I have a feeling Michael will be in very high demand in the federal space. I look forward to meeting him myself and look forward to the positive changes he will be bringing to the community.

For more information, you can check out Michael and his approach at:

