Aaron Jensen's splattered bits

Essays on software engineering

Home

Articles

Book Reviews

Tips & Tricks

Help Desk

Links

Tools

About the Writer

About the Site

Contact

E-mail
aaron@splatteredbits.com
YIM/AIM
splatteredbits
MSN/Jabber
aaron@splatteredbits.com

Sites I Can't Live Without

10x Software Development
Alertbox
Coding Horror
Daring Fireball
Ftrain
Joel on Software
Schneier on Security
Stevey's Blog Rants
Worse Than Failure
XKCD

RSS

The views expressed on this web site are mine alone and do not necessarily reflect the views of my employer.

Microsoft Publishes SDL 3.2 Guidance

Microsoft announced today that version 3.2 of its Security Development Lifecyle is available for download.

[S]ome folks are curious about how an organization the size of Microsoft programmatically drives culture change; others are looking for guidance that can be repurposed for their own organizations and finally, some folks are convinced that we are deliberately holding back some security “secret sauce” for some reason. Go figure.

With that, let me cut to the chase. Today, we have made the Microsoft Security Development Lifecycle, version 3.2 available for your perusal on MSDN. This has been in the works for quite awhile and has involved a ton of folks....

As you can probably guess, this is not an exact duplication of the SDL for a number of reasons – but it’s pretty darn close.

It's an 83-page Microsoft Word 2007 (i.e. .docx) file. Needless to say, I haven't had time to even skim it, but it's on my to-do list.