Nowadays, security is becoming an important aspect of almost every software system. Unfortunately, this does not necessarily mean that security is adequately considered in every piece of software.

What does "adequately" mean? For me, security measures are adequate if the investment in them is less than the loss that would be caused if these measures were not implemented. I would say this explanation is clear if there is no unknown variable there, i.e., the potential loss.

If a company has had no security incidents so far, does it mean that its security measures are adequate and it should not put additional investments in security? It is really hard to say yes or no. The software may change (e.g., it may introduce new features with new attack vectors), the market can change (e.g., more people can start using the software, so it may become more attractive to attackers), and the environment where the software is used may change (e.g., from an intranet solution it may become a public cloud based solution). No matter what, security incidents happen. The question is only when and what impact they will have on the customers and the company.

In order to create secure products, a company should regularly evolve and adapt its development processes to changes that continuously take place around us. Here, in Y Soft, we decided to examine and try in one of our development teams the Microsoft Secure Development Lifecycle (SDL), a process aiming to help build more secure software.

In this series of posts, I would like to:

- Describe its advantages/disadvantages as we perceive them here in Y Soft.
- Describe obstacles we meet and how we overcome them.

Secure Development Lifecycle (SDL) is a process that helps to build more secure software. Microsoft introduced its SDL in 2004, uses it successfully, and updates it regularly.