Microsoft Security Development Lifecycle (SDL) Appendix
Appendix A: Privacy at a Glance
Appendix B: Security Definitions for Vulnerability Work Item Tracking
Appendix C: SDL Privacy Questionnaire
Appendix D: Firewall Rules and Requirements
Appendix E: Required and Recommended Compilers, Tools, and Options for All Platforms
Appendix F: SDL Requirement: No Executable Pages
Appendix G: SDL Requirement: No Shared Sections
Appendix H: SDL Standard Annotation Language (SAL) Recommendations for Native Win32 Code
Appendix I: SDL Requirement: Heap Manager Fail Fast Setting
Appendix J: SDL Requirement: Application Verifier
Appendix K: SDL Privacy Escalation Response Framework (Sample)
Appendix M: SDL Privacy Bug Bar (Sample)
Appendix N: SDL Security Bug Bar (Sample)
Appendix O: Security Plan (Sample)
Appendix P: SDL-Agile Every-Sprint Requirements
Appendix Q: SDL-Agile Bucket Requirements
Appendix R: SDL-Agile One-Time Requirements
Appendix S: SDL-Agile High-Risk Code
Appendix T: SDL-Agile Frequently Asked Questions
Appendix U: SDL-LOB Risk Assessment Questionnaire
Appendix V: Lessons Learned and General Policies for Developing LOB Applications
Content Disclaimer
This documentation is not an exhaustive reference on the SDL process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products. This documentation is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This documentation does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. © 2012 Microsoft Corporation. All rights reserved. Licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported