Secure Development Life Cycle (SDLC)
--
This is the process of integrating security and privacy considerations into the development life cycle. Everyone involved in the actual development participates in this process.
What is SDLC?
SDLC stands for Secure Development Life Cycle. It is sometimes called SDL. It should not be confused with the Software Development Life Cycle, which is a completely different thing.
SDLC is a methodology developed by Microsoft in 2002. It integrates security and privacy throughout all phases of the development process. Let's understand the origin of SDLC.
Year 2000
The internet was booming. Windows 2000 was released, and the Windows XP Beta followed. One of the main design goals of Windows XP was to make internet connectivity as seamless as possible, and it succeeded in a big way. More and more users were joining the internet every day.
Then came the year 2001. The Code Red worm attacked Microsoft IIS servers around the world, causing 2 billion in damages. The Nimda worm attacked Microsoft operating systems around the world, causing many more millions of dollars in damages, and it slowed the internet down badly.
Bill Gates, then CEO of Microsoft, saw all of this and was worried and upset. In 2002 he wrote one of the most famous emails in the software industry, one that changed the way Microsoft writes software. In that email Bill Gates wrote about the role of security in the software development process. It was a very long memo, but let's discuss some of its important points.
- Our products should emphasize security right out of the box. When we face a choice between adding features and resolving a security issue, we need to choose security.
- The secure development principles should apply at every stage of the development cycle of every kind of software we create.
SDLC basically says that security is not something you do as an afterthought; it is a top priority for every product. Security should be handled at every stage of the development life cycle. You can read the full memo from the link below.