Microsoft called up more than 50 technical experts from its OEM partners this week for a two-and-a-half-day refresher course in the software giant's Security Development Lifecycle (SDL), the company's initiative aimed at drastically reducing the number of vulnerabilities shipped in its products.
The presentations will cover threat modeling, secure coding and the hacker viewpoint, Michael Howard, security program manager for Microsoft, said on his blog. Microsoft is preparing to ship its latest operating system, Windows Vista, to business customers at the end of the month.
"The discussions are technical and to their credit, the participating companies sent their 'A teams' to learn about the SDL process and how they can use it within their organizations," Howard stated. "We are presenting the same content that we give to our own engineers on a variety of SDL topics."
Microsoft adopted the Security Development Lifecycle as part of its Trustworthy Computing Initiative, which was itself adopted in January 2002 after the massive Code Red and Nimda worm epidemics. The SDL aims to drum out security flaws from the company's products and train development, quality-control and support staff to keep flaws from recurring.
Windows 2003, Visual Studio 2005, Internet Explorer 7 and Microsoft Office 2007 have all been developed under the SDL process.
Posted by: Robert Lemos