Secure coding lessons from Microsoft

Microsoft's security development lifecycle (SDL), a methodology for secure software development, is going beyond the corporate walls of the Redmond, Wash.-based software firm and into the hands of enterprise software producers, according to company executives.

At Microsoft's Security Day event held in Bellevue, Wash. last Friday, executives said the SDL has been made publicly available for developer shops for use in their own environment as a means to produce bug-free applications.

Without getting into specifics, Michael Howard, senior security program manager at Microsoft's security engineering team, said there are now at least half-a-dozen organizations that have adopted SDL and integrated it into their own development process.

Howard stressed that the SDL is not expected to completely eliminate software vulnerabilities, but the goal is to reduce vulnerabilities and reduce the severity of any vulnerability that may exist in a particular code.