Microsoft no longer a 'laughingstock' of security

Considering our upcoming security event for developers, this is a very timely Computerworld article, not least because it highlights the contribution of the SDL in reducing vulnerability counts in Microsoft products:

"The biggest contribution in the security space has been the [SDL]. We have processes in place now where we build documented-threat models at design time. And as you build and architect code, you are always mitigating against these threat models. The threat models get updated during the course of development to keep them current. At the back end of the process, we have a final security review where we look at the product and all the bug scrubs and all the work we have done to see if the product is ready to ship from a security perspective. This, I think, is the biggest change. If you look at our vulnerabilities year over year in product after product, our vulnerability counts are going down dramatically as our products get better." Scott Charney, corporate vice president of Trustworthy Computing (TwC) at Microsoft Corp.

Want to know more? Come along on Oct. 12th and learn about the SDL and the case for building security into the development lifecycle.

Cross posted from ronan's blog