Security Education at Microsoft
To build secure products, any group of developers needs to be aware of the current threats that these products face. Developers need to know the attack vectors that hackers typically use. They need to know how to analyze their products with certain threats in mind and how to mitigate those threats. They need to know the tools and techniques for increasing the security of the code base. In 2002, Microsoft introduced the Security Development Lifecycle (SDL), which infuses security and privacy into the software development lifecycle of Microsoft products.