Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    chatgpt image jul 13, 2026, 04 23 45 pm
    How Data Analytics Helps Companies Improve User Engagement
    19 Min Read
    chatgpt image jul 13, 2026, 03 59 46 pm
    How Data Analytics Improves Multi-Location Search Strategies
    10 Min Read
    cybersecurity efforts
    How Behavioral Analytics and AI Are Redefining Cybersecurity for Boca Raton Businesses
    14 Min Read
    data driven risk management in heatlhcare
    How Data Analytics Is Changing Healthcare Risk Management
    17 Min Read
    big data and customer service outsourcing
    How Data Analytics Improves Customer Service Outsourcing
    18 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: FedCyber Webinar: The Security Development Lifecycle
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > FedCyber Webinar: The Security Development Lifecycle
Security

FedCyber Webinar: The Security Development Lifecycle

AlexOlesker
AlexOlesker
0 Min Read
SHARE

On Friday, 16 December, Michael Howard hosted a webinar for FedCyber on the

On Friday, 16 December, Michael Howard hosted a webinar for FedCyber on the Microsoft Security Development Lifecycle (SDL), Howard is Microsoft’s Principal Security Architect with nearly 20 years of experience in the field and literally wrote the book on SDL, a topic that keeps growing more relevant. This year, the federal government put into policy with the National Science and Technology Council’s strategic plan for federal R&D what industry has already learned – the only way to protect against modern cyber attacks is to design security into software development.

While Microsoft is recognized as the leader in their Security Development Lifecycle, SDL is non-proprietary, platform agnostic, and suitable for organizations of any size. The tools for many SDL proceses can be downloaded for free and most content is published under Creative Commons License. Simply put, SDL is a series of 16 practices to ensure that security is incorporated into every part of the software development process rather than as an afterthought. The driving philosophy ofSDL is that no amount of security technology can compensate for insecure applications, and currently 75% of attacks occur at the application layer. There is simply too much that can go wrong. Applications may contain millions of lines of code, but it only takes one line to create a fatal vulnerability. There are many other places in a computer system where security can fail, from web-based attacks such as SQL injections for which vulnerabilities are almost ubiquitous to insecure data configuration and human error by users. Fortunately, the often repeated security paradigm “a system is only as secure as the weakest link” is only partially true. Through compensating controls, a central tenet of the Security Development Lifecycle, we can both reduce vulnerabilities and decrease the severity of the vulnerabilities we missed.

The 16 practices that comprise the Security Development Lifecycle are training requirements, security requirements, quality gates/bug bars, security and privacy risk assessment, design requirements, attack surface reduction, threat modeling, use of appropriate tools, depreciating unsafe functions, static analysis, dynamic program analysis, fuzz testing, attack surface review, creating an incident response plan, a final security review, and release/archive. Specifics on all of these steps can be found here, or in more detail here. In brief, while each practice is important, training is the highest priority. Everyone in the enterprise must know something about cybersecurity. For example, every time they begin a new project, every single software engineer at Microsoft gets some training whether security is in their job title or not. SDL is a systematic way to make sure you inventory your applications for common vulnerabilities like cross-site scripting and SQL injections, inventory your engineers to make sure they have adequate security training and tools, and inventory your supply chain to make sure all steps in the creation process use secure practices. Though security can’t be perfect, SDL aims to compensate for vulnerabilities in a way that products and technology cannot.

More Read

bluetooth data is security risk
4 Ways Big Data Has Made Bluetooth A Terrifying Security Risk
Are Public Clouds Complex Environments?
Disrupting Nation State Hackers With the Security Basics
Network Security Certifications to Combat Growing Data Breach Threats
Walking Through The Front Door: SQL Injections

You can find out more about SDL here, or when Michael Howard returns to deliver another webinar for FedCyber going into greater technical detail.

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

chatgpt image jul 15, 2026, 03 28 38 pm
How Cloud Technology Helps IT Asset Recovery Services
Cloud Computing Exclusive IT Security
chatgpt image jul 13, 2026, 04 23 45 pm
How Data Analytics Helps Companies Improve User Engagement
Analytics Big Data Exclusive
chatgpt image jul 13, 2026, 04 19 58 pm
Can AI Help Companies Improve PPC Fulfilment?
Artificial Intelligence Exclusive
chatgpt image jul 13, 2026, 04 14 54 pm
How AI Helps Companies Adapt to Fulfillment Strategy Changes
Artificial Intelligence Exclusive

Stay Connected

1.2KFollowersLike
33.7KFollowersFollow
222FollowersPin

You Might also Like

Security

6 Tips to Protect Your Business’ Most Important Asset: Your Data

4 Min Read
business data security
Security

5 Urgent Changes to Immediately Improve Business Data Security

6 Min Read

4 Must-Haves in your IT Disaster Recovery Plan

4 Min Read

What does Wikileaks mean for open data initiatives?

0 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
ai chatbot
How AI Website Chatbots Improve Customer Support and Lead Generation
Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-26 SmartData Collective. All Rights Reserved.
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?