Doug Van
asked on
What is the difference between SDL and SDLC?
Hello all,
It's strange that I Google searched and found no answer because even Microsoft has asked their community for opinions on changing this sometimes confusing initialism.
Generally...
SDL = Secure Development Lifecycle
SDLC = Software Development Lifecycle (supported by Microsoft)
But my question is really about what are the differences between the two lifecycles? That is the question that I was surprised not to easily find in a Google search. It's like I am the first person, ever, to ask this question. LOL
I think I know the difference, but I don't want to influence my thoughts in this question.
Thank you. :)
ASKER
Apologies.
Sometimes... er... most of the time, I need to move on to a different project, and then temporarily forget my EE questions. But this is still an important project.
Thanks again to everyone for your valuable assistance.
For my next steps, I need to build a custom SDL and OWASP curriculum. I plan to draw material from the following resources. I welcome any other good resources:
SDL
What is the secure software development life cycle (SDLC)? https://www.synopsys.com/blogs/software-security/secure-sdlc/
https://www.class-central.com/tag/sdlc
https://www.microsoft.com/en-us/sdl
https://www.wiziq.com/tutorials/sdlc
https://www.netcomlearning.com/courses/8991/Fundamentals-of-SDLC-training.html
OWASP
https://owasp-academy.teachable.com/
https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
ASKER
Thanks again.
I would love to hear about your favorite resources on these topics, or appsec in general.
FYI, I have also been listening to the following podcasts:
Steve Gibson's Security Now
The Secure Developer
Application Security (Chris Romeo, Robert Hurlbut)
In my developer appsec (SDL and OWASP) training program, I intend to offer a number of good resources for my developers... including Podcasts like the above.
This may be of interest, and probably consider DevSecOps as a future topic for discussion, as CI/CD is the chaining of SDL processes in an automated fashion for code build and release.
https://www.owasp.org/index.php/Phoenix/Tools
ASKER
This is what I was thinking, based on what I inferred from reading messages from MS people.
SDL - Secure Development Lifecycle relates to the whole system and steps to ensure that software is secure. This system involves developers and ops engineers.
SDLC - Software Development Lifecycle. This relates specifically to the processes involved during the requirements planning and architecture, coding, testing, and release and maintenance phases.
Your thoughts?