By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    predictive analytics in dropshipping
    Predictive Analytics Helps New Dropshipping Businesses Thrive
    12 Min Read
    data-driven approach in healthcare
    The Importance of Data-Driven Approaches to Improving Healthcare in Rural Areas
    6 Min Read
    analytics for tax compliance
    Analytics Changes the Calculus of Business Tax Compliance
    8 Min Read
    big data analytics in gaming
    The Role of Big Data Analytics in Gaming
    10 Min Read
    analyst,women,looking,at,kpi,data,on,computer,screen
    Promising Benefits of Predictive Analytics in Asset Management
    11 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: FedCyber Webinar: The Security Development Lifecycle
Share
Notification Show More
Latest News
ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence
ai in omnichannel marketing
AI is Driving Huge Changes in Omnichannel Marketing
Artificial Intelligence
ai for small business tax planning
Maximize Tax Deductions as a Business Owner with AI
Artificial Intelligence
ai in marketing with 3D rendering
Marketers Use AI to Take Advantage of 3D Rendering
Artificial Intelligence
How Big Data Is Transforming the Maritime Industry
How Big Data Is Transforming the Maritime Industry
Big Data
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > FedCyber Webinar: The Security Development Lifecycle
Security

FedCyber Webinar: The Security Development Lifecycle

AlexOlesker
Last updated: 2012/01/19 at 3:24 PM
AlexOlesker
0 Min Read
SHARE

On Friday, 16 December, Michael Howard hosted a webinar for FedCyber on the

On Friday, 16 December, Michael Howard hosted a webinar for FedCyber on the Microsoft Security Development Lifecycle (SDL), Howard is Microsoft’s Principal Security Architect with nearly 20 years of experience in the field and literally wrote the book on SDL, a topic that keeps growing more relevant. This year, the federal government put into policy with the National Science and Technology Council’s strategic plan for federal R&D what industry has already learned – the only way to protect against modern cyber attacks is to design security into software development.

While Microsoft is recognized as the leader in their Security Development Lifecycle, SDL is non-proprietary, platform agnostic, and suitable for organizations of any size. The tools for many SDL proceses can be downloaded for free and most content is published under Creative Commons License. Simply put, SDL is a series of 16 practices to ensure that security is incorporated into every part of the software development process rather than as an afterthought. The driving philosophy ofSDL is that no amount of security technology can compensate for insecure applications, and currently 75% of attacks occur at the application layer. There is simply too much that can go wrong. Applications may contain millions of lines of code, but it only takes one line to create a fatal vulnerability. There are many other places in a computer system where security can fail, from web-based attacks such as SQL injections for which vulnerabilities are almost ubiquitous to insecure data configuration and human error by users. Fortunately, the often repeated security paradigm “a system is only as secure as the weakest link” is only partially true. Through compensating controls, a central tenet of the Security Development Lifecycle, we can both reduce vulnerabilities and decrease the severity of the vulnerabilities we missed.

The 16 practices that comprise the Security Development Lifecycle are training requirements, security requirements, quality gates/bug bars, security and privacy risk assessment, design requirements, attack surface reduction, threat modeling, use of appropriate tools, depreciating unsafe functions, static analysis, dynamic program analysis, fuzz testing, attack surface review, creating an incident response plan, a final security review, and release/archive. Specifics on all of these steps can be found here, or in more detail here. In brief, while each practice is important, training is the highest priority. Everyone in the enterprise must know something about cybersecurity. For example, every time they begin a new project, every single software engineer at Microsoft gets some training whether security is in their job title or not. SDL is a systematic way to make sure you inventory your applications for common vulnerabilities like cross-site scripting and SQL injections, inventory your engineers to make sure they have adequate security training and tools, and inventory your supply chain to make sure all steps in the creation process use secure practices. Though security can’t be perfect, SDL aims to compensate for vulnerabilities in a way that products and technology cannot.

More Read

cloud data security in 2023

Top Tools for Your Cloud Data Security Stack in 2023

Combat AI-Powered Threats with Cybersecurity Simulations & Other Practices
A Guide to Using XDR Threat Protection to Stop Data Breaches
Anti-Spoofing is Crucial for Data-Driven Businesses
Fortifying Enterprise Digital Security Against Hackers Weaponizing AI

You can find out more about SDL here, or when Michael Howard returns to deliver another webinar for FedCyber going into greater technical detail.

AlexOlesker January 19, 2012
Share this Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence
ai in omnichannel marketing
AI is Driving Huge Changes in Omnichannel Marketing
Artificial Intelligence
ai for small business tax planning
Maximize Tax Deductions as a Business Owner with AI
Artificial Intelligence
ai in marketing with 3D rendering
Marketers Use AI to Take Advantage of 3D Rendering
Artificial Intelligence

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

cloud data security in 2023
Cloud Computing

Top Tools for Your Cloud Data Security Stack in 2023

7 Min Read
cybersecurity simulations
Artificial IntelligenceExclusiveITSecurity

Combat AI-Powered Threats with Cybersecurity Simulations & Other Practices

7 Min Read
data breach issues
Security

A Guide to Using XDR Threat Protection to Stop Data Breaches

6 Min Read
anti-spoofing tips
Security

Anti-Spoofing is Crucial for Data-Driven Businesses

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

data-driven web design
5 Great Tips for Using Data Analytics for Website UX
Big Data
giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?