Devs need a new focus on software security needs

Jul 6, 2010 08:11 GMT

Securing software should be a top priority of the development process, alongside introducing new features and hitting timelines, according to Microsoft. The Redmond company has made available for download a free whitepaper in which it emphasizes the need for developers to make sure that customers are protected right from the development process. "Essential Software Security Training for the Microsoft SDL" can be downloaded from the Microsoft Download Center and, as the title implies, the document is related to the company’s larger Security Development Lifecycle efforts. Essentially, the software giant says that software security training must be regarded as a key tenet of the Microsoft Security Development Lifecycle (SDL).

“While computer science and software development are established disciplines in business and education, software security remains something of an afterthought. There seems to be an ongoing misconception that good software security is not compatible with tight schedules and cutting-edge functionality. A commitment to software security training is a key tenet of the Microsoft Security Development Lifecycle (SDL) and vital to ensuring that secure software can take its place as a top priority along with software features and delivery timelines,” the company stated.

Just as the Redmond company did when implementing its Trustworthy Computing vision, which also delivered the SDL, software developers must make a concerted effort to focus on security in order to better their products. Specifically, companies need to embrace security-aware software development practices, just as Microsoft did with the SDL. The software giant is even sharing the SDL with third-party developers in order to ensure that the ecosystem of solutions around Windows can benefit from the same best development practices as the latest releases of its operating systems.

“Security-aware software development practices come as a large transition for many organizations, and training is often a key boost needed to move processes and practices in the right direction,” the company added. “Training also provides a great avenue for employee growth, whether it directly contributes to career progression or results in internal ‘belts’ or certifications that show the benefits of investment in time and effort. Given all this, organizations must seriously consider role-based training as a wise investment in future software security success.”