Microsoft introduced its SDL in 2004 and has successfully used and regularly updated it since. The Secure Development Lifecycle (SDL) is a process that helps to build more secure software. We describe the obstacles we meet and how we overcome them.
No matter what, security incidents happen.
The software may change (e.g., it may introduce new features with new attack vectors), the market can change (e.g., more people can start using the software, so it may become more attractive to attackers), and the environment where the software is used may change (e.g., from an intranet solution it may become a public cloud-based solution). If a company has had no security incidents so far, does it mean that its security measures are adequate and it should not make additional investments in security? It is really hard to say yes or no. I would say this explanation is clear if there is no unknown variable there, i.e., the potential loss. What does “adequately” mean? For me, security measures are adequate if the investment in them is less than the loss that would be caused if these measures were not implemented. Unfortunately, it does not necessarily mean that security is adequately considered in every piece of software.
Nowadays, security has become an important aspect of almost every software system.