Building More Secure Commercial Software: The Trustworthy Computing Security Development Lifecycle

Author

  • Steven B. Lipner
Abstract

With the growth of the Internet as a vehicle for commercial, governmental, and personal communications and information sharing, the importance of providing trustworthy computing facilities that will resist hostile attack has grown dramatically. In response to this growing need, Microsoft has developed the Trustworthy Computing Security Development Lifecycle (SDL), an integrated process for improving the security of commercial software as it is being developed. This paper describes the phases of the SDL from initial requirements definition through the Final Security Review before software release, and summarizes some of the improvements in security demonstrated by software that has completed the SDL.


Similar resources

The Trustworthy Computing Security Development Lifecycle

This paper discusses the Trustworthy Computing Security Development Lifecycle (or simply the SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. These activities and del...


The ISDF Framework: Towards Secure Software Development

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the co...


Annex: A Middleware for Constructing High-Assurance Software Systems

Cross Domain Solutions and Multi-Level Secure systems are becoming more popular as the benefits of merging data from different security levels becomes more widely understood. Software forming the Trusted Computing Base of such systems must maintain isolation between data from differing security levels while providing some means of bridging that isolation under strictly supervised conditions. We...


Security Deliberations in Software Development Lifecycle

Security is a serious problem in software development which when not taken into consideration, exploits vulnerabilities in software. Such security related problems need to be addressed as early as possible while building software. Security problems exist for many reasons. A major thing is that, software cannot resist security attacks. Software security vulnerabilities are often caused due to th...


Common Attack Pattern Enumeration and Classification — CAPEC™: A Community Knowledge Resource for Building Secure Software

To build secure software, builders must ensure that they have protected every relevant potential vulnerability. Yet, to attack software, attackers often have to find and exploit only a single exposed vulnerability. To identify and mitigate relevant vulnerabilities in software, the development community needs more than just good software engineering and analytical practices, a solid grasp of sof...



Publication date: 2005