With Agile release cycles taking as little as one week, there simply isn’t enough time for teams to complete all of the SDL requirements for every release. On the other hand, there are serious security issues that the SDL is designed to address, and these issues simply can’t be ignored for any release—no matter how small.
Integrating the two worlds is not as difficult as it might seem—at its heart, the SDL defines tasks, and these tasks can be mapped into an Agile development process.
This documentation is not an exhaustive reference on the SDL process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products.
This documentation is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it.
This documentation does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
© 2012 Microsoft Corporation. All rights reserved.