By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data-driven white label SEO
    Does Data Mining Really Help with White Label SEO?
    7 Min Read
    marketing analytics for hardware vendors
    IT Hardware Startups Turn to Data Analytics for Market Research
    9 Min Read
    big data and digital signage
    The Power of Big Data and Analytics in Digital Signage
    5 Min Read
    data analytics investing
    Data Analytics Boosts ROI of Investment Trusts
    9 Min Read
    football data collection and analytics
    Unleashing Victory: How Data Collection Is Revolutionizing Football Performance Analysis!
    4 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: FedCyber Webinar: The Security Development Lifecycle
Share
Notification Show More
Aa
SmartData CollectiveSmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > FedCyber Webinar: The Security Development Lifecycle
Security

FedCyber Webinar: The Security Development Lifecycle

AlexOlesker
Last updated: 2012/01/19 at 3:24 PM
AlexOlesker
0 Min Read
SHARE

On Friday, 16 December, Michael Howard hosted a webinar for FedCyber on the

On Friday, 16 December, Michael Howard hosted a webinar for FedCyber on the Microsoft Security Development Lifecycle (SDL), Howard is Microsoft’s Principal Security Architect with nearly 20 years of experience in the field and literally wrote the book on SDL, a topic that keeps growing more relevant. This year, the federal government put into policy with the National Science and Technology Council’s strategic plan for federal R&D what industry has already learned – the only way to protect against modern cyber attacks is to design security into software development.

While Microsoft is recognized as the leader in their Security Development Lifecycle, SDL is non-proprietary, platform agnostic, and suitable for organizations of any size. The tools for many SDL proceses can be downloaded for free and most content is published under Creative Commons License. Simply put, SDL is a series of 16 practices to ensure that security is incorporated into every part of the software development process rather than as an afterthought. The driving philosophy ofSDL is that no amount of security technology can compensate for insecure applications, and currently 75% of attacks occur at the application layer. There is simply too much that can go wrong. Applications may contain millions of lines of code, but it only takes one line to create a fatal vulnerability. There are many other places in a computer system where security can fail, from web-based attacks such as SQL injections for which vulnerabilities are almost ubiquitous to insecure data configuration and human error by users. Fortunately, the often repeated security paradigm “a system is only as secure as the weakest link” is only partially true. Through compensating controls, a central tenet of the Security Development Lifecycle, we can both reduce vulnerabilities and decrease the severity of the vulnerabilities we missed.

The 16 practices that comprise the Security Development Lifecycle are training requirements, security requirements, quality gates/bug bars, security and privacy risk assessment, design requirements, attack surface reduction, threat modeling, use of appropriate tools, depreciating unsafe functions, static analysis, dynamic program analysis, fuzz testing, attack surface review, creating an incident response plan, a final security review, and release/archive. Specifics on all of these steps can be found here, or in more detail here. In brief, while each practice is important, training is the highest priority. Everyone in the enterprise must know something about cybersecurity. For example, every time they begin a new project, every single software engineer at Microsoft gets some training whether security is in their job title or not. SDL is a systematic way to make sure you inventory your applications for common vulnerabilities like cross-site scripting and SQL injections, inventory your engineers to make sure they have adequate security training and tools, and inventory your supply chain to make sure all steps in the creation process use secure practices. Though security can’t be perfect, SDL aims to compensate for vulnerabilities in a way that products and technology cannot.

More Read

sobm for ai-driven cybersecurity

Software Bill of Materials is Crucial for AI-Driven Cybersecurity

4 Common Misconceptions Surrounding IoT Cybersecurity Compliance
Data Security Unveiled: Protecting Your Information in a Connected World
IoT Security: What Kind of Data Is Compromised by Poorly Protected IoT Devices?
AI Helps Businesses Enjoy Fast & Secure IT Infrastructures

You can find out more about SDL here, or when Michael Howard returns to deliver another webinar for FedCyber going into greater technical detail.

AlexOlesker January 19, 2012 January 19, 2012
Share This Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

RN coders for hosptial data
RN Coders Can Improve Hospital Data Strategies
Big Data
cloud technology in education
How Cloud Technology Can Be Integrating in Schools
IT
big data and IP laws
Big Data & AI In Collision Course With IP Laws – A Complete Guide
Big Data
ai in marketing
4 Ways AI Can Enhance Your Marketing Strategies
Marketing

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

sobm for ai-driven cybersecurity
Security

Software Bill of Materials is Crucial for AI-Driven Cybersecurity

9 Min Read
IoT Cybersecurity
Internet of Things

4 Common Misconceptions Surrounding IoT Cybersecurity Compliance

8 Min Read
data security unveiled
Security

Data Security Unveiled: Protecting Your Information in a Connected World

8 Min Read
IoT Security
Internet of Things

IoT Security: What Kind of Data Is Compromised by Poorly Protected IoT Devices?

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?