Thursday, October 13, 2005

Does Microsoft's SDL Work?

Michael Howard offers an answer in this essay on the implementation of the Security Development Lifecycle (SDL) at Microsoft:

"The answer is a resounding Yes! We have seen the number of security defects be reduced by approximately 50 to 60 percent when we follow SDL. The simple fact is that every product touched by SDL has fewer security defects. Period. And that certainly makes it worth pursuing."