Microsoft Shares Vista Security Development Practices

Windows Vista is the first Microsoft product that is also a result of the implementation of a coherent collection of development methodologies focused on security known as the Secure Development Lifecycle. The SDL is one of the reasons why Microsoft is applauding Windows Vista as the most secure Windows operating system to date, and the company has started not only to evangelize the Secure Development Lifecycle but also to educate the community in accordance with its own security development practices.

In this context, the Microsoft Security Response and Safety Summit proved to be fertile ground for a little SDL one-on-one. Members of both the Microsoft Security Response Alliance and the Secure IT Alliance converged in Redmond for the MSRSS. "Some of you may be thinking "So what? Microsoft had another security event - whoopee!!" Fair enough. However, in our defense, I'd like to make two points. First, I think it's mildly amusing that the notion of Microsoft hosting a security collaboration event has become so commonplace - it wasn't so long ago that Microsoft and security couldn't be uttered in the same sentence without fits of laughter - it's interesting how times change," stated David Ladd, Senior Security Program Manager on the Security Engineering Strategy Team.

Ladd also added that, in order to ensure the protection of customers, Microsoft will not only collaborate openly with the security community, but it will also share its knowledge. Additionally, such scenarios also enable Microsoft to get a heads-up when it comes to emerging problems. "At first I was a little concerned about the potential for "impedance mismatch" - after all, we were talking about the various facets of security development methodology and this was an event traditionally focused on how to collaborate effectively in a time of security crisis," Ladd added.