The Security Development Lifecycle

Microsoft’s Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development costs. This ebook, first published in 2006, was Microsoft’s first description of the SDL, and although this ebook isn’t an absolutely up-to-date description of the SDL—you can find that here—it is still full of useful information, including descriptions of many of the SDL’s core practices: threat modeling, banned functionality, fuzz testing, bug bars, correct cryptographic design, and more.
