Microsoft tells its security story (in pictures)
It's been a long, strange trip toward better security for Microsoft, but the company has made enough progress to have both improvements to its technique and some highly interesting war stories to show for it. The company's got a new site explaining the past decade's advances, and you have a reason to read comics at work today.
The process of "baking security in" -- getting developers to think about security less as "those people who yell at us" and more as an integral part of any software-construction effort -- lends its name to Baking Security In, which details Microsoft's progress on the Security Development Lifecycle, a process involving 14 stages and checkpoints over the six stages of the software-dev cycle (requirements, design, implementation, verification, release, support/service).
Microsoft has previously estimated that adoption of the SDL strategy increases lifecycle costs by 20%. If that's a hit the company's willing to take to build security into its products, building a fairly clever educational site including "The Amazing Adventures of Kevlarr," a developer who requires some convincing, is just part of the effort. But come for the comics and stay for the videos, as real-life, non-animated Microsofties like Steve Lipner and Michael Howard recount their memories of the days before Microsoft got security-serious.