Secure Development Life Cycle (SDLC)

This is the process of the integrating security and privacy considerations into the development life-cycle. Everyone who is involve in the actual development will be participated in this process.

What is SDLC?

SDLC stands for secure development life-cycle. Sometimes its called SDL. We should not confuse this with Software Development Lifecycle. That is completely different one.

SDLC is methodology developed by Microsoft in 2002. It integrates security and privacy throughout all phases of the development process. Lets understand the origin of SDLC.

Year 2000

The internet was booming. Windows 2000 is released. Windows XP Beta released. One of the main design goals of the Windows XP was to make internet connectivity as seamless as possible and it succeeds in that big time. The more and more users were joining the internet everyday.

Then comes the year 2001. Code Red worm attacked Microsoft IIS around the world, causing 2 billing in damages. Nimda worm attacks Microsoft OSes around the world, causing many more millions of dollars in damages. Also that slows down the internet badly.

Bill Gates then CEO of the Microsoft sees all of that and he was worried and upset. Then in 2002 he wrote one of the most famous emails in the software industry and one that changes the way Microsoft writes software. In that email Bill Gates wrote about the role of security in the software development…