I often talk about how we learned to engineer security into the products, and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not that this is really new news; it is actually a few weeks old, but still… We renewed our Security Development Lifecycle site.
If you are developing software internally, you should definitely look at the site and think about how to implement SDL in your organization. If you want help, there is the SDL Pro Network here to help you implement SDL. Or leverage the tools we make available. Or much more…
If you are “just” buying software, look at the lifecycle and start to ask your vendors a few questions like:
- How do you engineer security into the products? (I am not talking about the classical software engineering processes; I am talking about security…)
- How do you do Threat Modeling? (To me, a key piece of the engineering process.)