Most people would agree that Microsoft has come a long way from the dark days of frequent malware attacks and security flaws making headlines. Microsoft has now shared the untold, and thrilling, story of the Security Development Lifecycle at SDLstory.com with anecdotes of the early days, and never-before-seen video footage and photos of the key players.
While in the earliest days, hacking was just an underground hobby, the media attention that security attacks received made it fascinating for cybercriminals as an opportunity for fame. The romanticism of breaking the web just because you could do it became a high. But as time went on, the attacks became more and more malicious, exploiting software for financial gain.
These vulnerabilities gained media attention while Microsoft was working on a reactive mode. Incidents like these were so significant that they strained the company’s ability to provide support to customers. And despite their security efforts, the company was losing the trust of customers.
Within all this mess, Bill Gates sent a landmark memo about software security and trust to all full-time Microsoft employees wherein he coined the phrase ‘Trustworthy Computing’.
“… if we don’t do this, people simply won’t be willing — or able — to take advantage of all the other great work we do. Trustworthy Computing is the highest priority."
Not long after the memo, in February 2002, the unthinkable happened. The entire Windows division shut down and diverted all of its developers to security. Everyone was given training to outline expectations and priorities — threat modeling, code reviews, available tools, penetration testing — all designed to modify the default behavior of the system to make it more secure.
Microsoft began reinventing itself as a more secure computing company, and right away there were good results. With new tools, new processes, and a new understanding of the security landscape, integrating security into product development was now a primary focus across Microsoft. And by late 2003, early versions of Microsoft’s SDL began to take shape.
Once SDL got approved by the senior leadership, it was mandated to be embedded into the development cycle, updated periodically, and applied to all products and online services that faced meaningful risk. The increased security of Microsoft’s own software has been dramatic, in part due to the emphasis on continuing to evolve over the past 10 years.
Interestingly, the SDL has had a major impact on the broader industry as well. Early on, Microsoft decided to make the SDL’s tools, processes and guidance available free of charge to any organization that wanted to adapt it to their own business. As a result, the SDL has not only led to measurable improvements in the security and privacy of Microsoft’s software and services, but also to a fundamental shift in software development at many other companies. Two of the world’s largest technology companies, Adobe and Cisco, have adopted it.
Since its inception in 2004, and the external release of SDL tools and resources in 2008, Microsoft's SDL guidance has been downloaded more than 1 million times and reached more than 150 countries. From small developer shops to large enterprises, many are seeing benefits from a ‘baking security in’ approach. The SDL was built on the concept that security should not be an afterthought.
Source: SDL Story
Surface Duo is better at multitasking than Galaxy Z Fold 2. Here's why.
The $2,000 Samsung Galaxy Z Fold 2 and $1,400 Microsoft Surface Duo are garnering many headlines because of pricing, and they both "fold" in some manner. But these devices are radically different, a point demonstrated with great effectiveness by @iAm_erica in this new video.
Review: Samsung Galaxy Book S brings amazing battery life, tough keyboard
Samsung's Galaxy Book S runs the latest Qualcomm Snapdragon 8cx ARM processor. With a slick, slim design and weighing just 2.1lbs how does this ultra-light laptop handle office productivity? With exceptionally good battery life and that always-on 4G LTE we have some thoughts in our latest review.
The games on Xbox Cloud Gaming that need touch controls
Minecraft Dungeons proved that touch controls and cloud streaming games can work, so we put together a list of the games we think need touch controls as soon as possible.
Finding Xbox One Wireless Controller replacement parts is easy
Here are all the replacement Xbox One controller parts you need for an easy fix.