SDLC

  • Question

  • What are the principles of SDLC?

    I mean, what are the variables needed to create one?
    I have my thesis next semester and I want to be ready.

    And kindly explain what SDLC is for.
    Reply is greatly appreciated.

    • Moved by Chakkaradeep Chandran Sunday, March 14, 2010 8:23 AM (From:SharePoint 2010 - General Questions and Answers)
    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:08 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Saturday, March 13, 2010 2:17 AM

Answers

  • In the context of this forum, the SDL is the security development lifecycle. If you are wanting to learn how that is done at Microsoft, your best launch point would be to check http://www.microsoft.com/security/sdl/default.aspx. The best place to start within that portal is http://www.microsoft.com/security/sdl/about/process.aspx, which talks about the entire process.

    But Microsoft's SDL is just one mechanism you can follow. I would highly recommend you consider expanding your field of view to consider other SDL processes that exist. A few books I would recommend you consider picking up include:

    The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software by Michael Howard
    ISBN: 978-0735622142

    Software Security: Building Security In by Gary McGraw
    ISBN: 978-0321356703

    You will find contrasting views on the approaches, but interestingly enough, I think it is good to know both methods. You can also research some of the SDL processes from companies like IBM and Oracle, who in the past have published works you may wish to read.

    Hope that helps. Good luck with your thesis.

    Monday, March 15, 2010 8:05 PM

All replies

  • Are you referring to Software/Systems Development Life Cycle? If so, this is the wrong forum to ask that. Try searching for SDLC in Bing and you will find plenty of information on that topic.
    Blog: http://sptwentyten.wordpress.com
    Saturday, March 13, 2010 3:39 AM