Adoption of Microsoft’s Security Development Lifecycle (SDL) Spreads

On May 16th, at the inaugural Security Development Conference 2012 in Washington D.C., Microsoft unveiled that the adoption of Security Development Lifecycle (SDL) has expanded beyond the software industry.

The Redmond-based software giant notes that SDL has already seen adoption from governments and businesses that are in charge with maintaining some of the most critical systems in the world.

Microsoft has been long focused on sharing its software development practices, which influenced more companies into adopting the SDL model. They also started to integrate these principles into their own development organizations.

The SDL has started to be implemented by governments and companies in the private industry, in an attempt to benefit from enhanced cybersecurity for their customers and citizens.

Among the latest success stories that are worth being mentioned on SDL adoption, Microsoft lists Government of India and Itron, Inc.

“The Government of India has included secure coding practices in its draft national economic five-year plan,” Steve Lipner, partner director of program management, Trustworthy Computing, Microsoft, says.

“India’s Computer Emergency Response Team (CERT-In), which leads the country’s response to cyber threats, has already taken steps toward implementing the five-year plan by leveraging Microsoft’s SDL as one of the core tenets for application security.”

At the same time, the National Informatics Centre, part of the Central Government Office of India, has kicked off training in SDL principles. Over 10,000 of India’s cyber forensic investigators have been included in the training.

Itron, one of the leading providers of solutions for the management of energy and water resources, has recently started the implementation of Microsoft’s SDL, imposing it as mandatory for the development of its hardware and software solutions.

“Businesses and governments operating these systems will benefit from the experiences of the Government of India and Itron by leveraging the information they have shared to evolve and accelerate their own adoption of secure development practices,” Steve Lipner notes.

Additional info on SDL and its adoption by the Indian Government and Itron can be found on Microsoft’s website, or through the Indian Government Case Study and the Itron Case Study.