Microsoft Security Development Lifecycle (SDL) Appendix

Appendix A: Privacy at a Glance

Appendix B: Security Definitions for Vulnerability Work Item Tracking

Appendix C: SDL Privacy Questionnaire

Appendix D: Firewall Rules and Requirements

Appendix E: Required and Recommended Compilers, Tools, and Options for All Platforms

Appendix F: SDL Requirement: No Executable Pages

Appendix G: SDL Requirement: No Shared Sections

Appendix H: SDL Standard Annotation Language (SAL) Recommendations for Native Win32 Code

Appendix I: SDL Requirement: Heap Manager Fail Fast Setting

Appendix J: SDL Requirement: Application Verifier

Appendix K: SDL Privacy Escalation Response Framework (Sample)

Appendix L: Glossary

Appendix M: SDL Privacy Bug Bar (Sample)

Appendix N: SDL Security Bug Bar (Sample)

Appendix O: Security Plan (Sample)

Appendix P: SDL-Agile Every-Sprint Requirements

Appendix Q: SDL-Agile Bucket Requirements

Appendix R: SDL-Agile One-Time Requirements

Appendix S: SDL-Agile High-Risk Code

Appendix T: SDL-Agile Frequently Asked Questions

Appendix U: SDL-LOB Risk Assessment Questionnaire

Appendix V: Lessons Learned and General Policies for Developing LOB Applications

Content Disclaimer

This documentation is not an exhaustive reference on the SDL process as practiced at Microsoft. Additional assurance work may be performed by product teams (but not necessarily documented) at their discretion. As a result, this example should not be considered as the exact process that Microsoft follows to secure all products.

This documentation is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it.

This documentation does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2012 Microsoft Corporation. All rights reserved.

Licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported