The software industry has been struggling with how to create and release software that is more security-enhanced and reliable— the Security Development Lifecycle (SDL) provides a methodology that works. Adapted from Microsoft's standard development process, SDL is a critical way to help reduce the number of security defects in code at every stage of the development process, from design to release. In addition to a brief history of the methodology, this book details each stage of the SDL methodology and discusses its implementation across a range of Microsoft software, including MicrosoftÐ® Windows Server™ 2003, Microsoft SQL Server™ 2000 Service Pack 3, and Microsoft Exchange Server 2003 Service Pack 1, to help measurably improve security features. Coauthored by Michael Howard and Steve Lipner, you get direct access to insights from Microsoft's security team and lessons that are repeatable and applicable to software development processes worldwide, whether on a small-scale or large-scale. This book includes a CD featuring videos of developer training classes.
It's probably best to start by explaining who is not the primary audience for this book; this is not a book for developers. That said, we don't mean that developers should not read this book. We mean there is very little code in this book and no real implementation best practices that would apply to developers. This book is more broadly aimed at two sets of people. The first group includes management and people who manage software development teams and the software development processes within their organizations. The second group includes designers and architects.