Microsoft is not yet done building Windows Vista's pedestal now that SP1 is out and about, with new efforts gearing towards rising the latest Windows client's monument on what's left of Windows XP SP3 after the discontinued availability through the retail and OEM channels. In this regard, a small aspect wich contributed to what little success Vista has had so far is getting its own corner of the online world. Microsoft has officially debuted the Security Development Lifecycle (SDL) website.

Described by the Redmond giant as the "industry-leading software security assurance process," SDL is responsible for the advanced level of bulletproofing of Windows Vista. However, SDL is by no means limited to Vista. In fact, the policy is now widespread at Microsoft and involved into every nook and cranny of the company's software building processes, becoming slowly synonymous with the development of new products.

"This website will serve as the main online presence for all SDL related communications and resources from Microsoft. For several years now the SDL has been at the heart of Microsoft's strategy for making security and privacy an integral part of the software development culture at Microsoft. As a result of the SDL, we have seen significant security improvements across many flagship Microsoft products including Windows, SQL Server and others. These security improvements have been widely recognized by security analysts, researchers and other experts," stated David Ladd, Senior Security Program Manager on the Security Engineering Strategy Team.

SDL has its roots in Microsoft Chairman Bill Gates' Trustworthy Computing (TwC) directive which dates back to January 2002. However, the practice only started to be implemented a couple of years later, in 2004. Windows Vista was in fact the company's first operating system to be produced entirely under the SDL methodology. This has permitted Microsoft to claim the title of the most secure Windows platform to date for Vista.

"Despite the significant improvements and recognition, we believe that our connections to our broad technical audiences (developers and IT Pros) are not equating the SDL to the progress we have made with our technologies and services. Given that, our goal is to help illustrate SDL processes and tooling in a structured and consistent manner - by providing actionable guidance for the different job roles within a development organization," Ladd added.