A great article from InfoWorld discusses Microsoft’s success in improving security of its software.  In a few version cycles, Microsoft has truly moved from the laughing stock of security issues to a leader.  Much of the success is attributed to the Security Development Lifecycle that provides security guidance at every stage of development.  A great paragraph from the article states,

“It isn't just press talk alone. Every common security and vulnerability metric shows Microsoft's software security has dramatically improved over the years, especially compared to its main competitors. Vulnerabilities found by employees and external researchers are down well over half from just a few years ago. For some products, such as IIS and SQL Server, the improvement is startling, going from dozens of exploits a year to barely a handful over five years.”

The great thing about SDL is that Microsoft isn’t keeping it to itself.  SDL practices are being promoted to the community at large and are encouraged in application to all software developed on Windows.  Majority of the principles also apply to non-Microsoft operating systems as well.  Apple OS X and Linux developers would be wise to review some of the good work.

 

microsoft security elves