As a result of new initiatives and requirements like the Payment Card Industry Data Security Standard (PCI-DSS), many organizations are building comprehensive application security programs for the first time. To do so, a number of those concerns are looking to the proven success of the Microsoft Security Development Lifecycle (SDL). This can be a very smart business move, but it's important to understand how the engineering focus of the SDL makes it different from the typical security-compliance effort. This month I'm going to address some of the ways to harmonize compliance-focused programs with security engineering to improve your software development practices.
展开▼
