In a June 2007 report, the U.S Government Accountability Office (GAO) described cybercrime as “having significant economic impacts and a threat to U.S. national security interests”:
· A 2005 FBI survey estimated that U.S. businesses lost $67.2 billion because of cyber crime.
· The estimated losses associated with identity theft in 2006 are $49.3 billion.
As software becomes the target for criminals, it is more critical than ever to make security an integral part of the software development process. Ever since Bill Gates’ 2002 Trustworthy Computing memo Microsoft has been infusing security into its software development lifecycle with the goal of protecting customers by reducing the number and severity of vulnerabilities in code.
Introducing: The Microsoft Security Development Lifecycle (SDL)
The Microsoft SDL is the industry-leading software security assurance process. A Microsoft-wide initiative and a mandatory policy since 2004, SDL has played a critical role in embedding security and privacy in Microsoft software and culture. Combining a holistic and practical approach, SDL introduces security and privacy early and throughout the development process. . It has led Microsoft to measurable and widely-recognized security improvements in flagship products such as Windows Vista and SQL Server.
Go to www.microsoft.com/sdl to learn more about the Microsoft SDL and how you can leverage SDL resources and best practices to “bake security in” to your software applications.