Stakes are High for Vista Security: Page 2

(Page 2 of 2)

Why is this security defect such a big deal, you may be asking. We see defects reported in XP on a nearly daily or at least weekly basis, after all. I’ll tell you. My fear is that the SDL itself could be sacrificed if it’s believed to have failed, which would be a tremendous setback for all (secure) software development.


You see, it’s not that the SDL is necessarily the best way of developing secure software. How many other software developers have to deal with the sorts of issues that Microsoft does? Seriously, how many people can claim that their general-purpose software will be used by hundreds of millions of people for everything from emailing the latest jokes to running mission-critical software at the largest enterprises? Not so simple to make security decisions that appease such a vast spectrum of users, is it?

Without a doubt, many software development organizations – even large ones – will find that Microsoft’s SDL does not quite meet their needs. Heck, it’s not even the only game in town. There are several other lighter-weight security development processes readily available. The Open Web Application Security Project (OWASP) has its CLASP process, for example. Cigital has its “touchpoint” model. (Both of these can be freely downloaded, via here and here, respectively.) The list goes on.

But none of that is important. The fact is that the SDL is what Microsoft uses, and its future, along with the future of software security trends at Microsoft, is very much on the hook right now. Because of the sheer vastness of their market share, we all stand to lose out if the SDL fails. It is said that a rising tide raises all the ships in a harbor; well, then it stands to reason that a retreating tide lowers all the ships in a harbor just as equally.

For that reason, count me in as a supporter of the SDL. Long live the SDL.

