Introduction
Stage 0: Education and Awareness
Stage 1: Project Inception
Stage 2: Cost Analysis
Stage 3: Design Phase: Establish and Follow Best Practices for Design
Stage 4: Design Phase: Risk Analysis
Stage 5: Implementation Phase: Creating Documentation and Tools for Users that Address Security and Privacy
Stage 6: Implementation Phase: Establish and Follow Best Practices for Development
Stage 7: Verification Phase: Security and Privacy Testing
Stage 8: Verification Phase: Security Push
Stage 9: Pre-Release Phase: Public Release Privacy Review
Stage 10: Release Phase: Response Planning
Stage 11: Release Phase: Final Security Review and Privacy Review
Stage 12: Release Phase: RTM/RTW
Stage 13: Post-Release Phase: Response Execution
The following documentation on the Microsoft Security Development Lifecycle, version 3.2, is for illustrative purposes only.
This documentation is not an exhaustive reference on the SDL process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products.
This documentation should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented herein. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, OR STATEMENTS ABOUT APPLICABILITY OR FITNESS OF PURPOSE FOR ANY ORGANIZATION ABOUT THE INFORMATION IN THIS DOCUMENT.