The goals of the Security Development Lifecycle (SDL), now embraced by Microsoft, are twofold: to reduce the number of security-related design and coding defects, and to reduce the severity of any defects that are left.
Link: msdn.microsoft.com
Link: msdn.microsoft.com
