What Products and Services Are Required to Adopt the SDL Process?
- Any software release that is commonly used or deployed within any organization, such as a business organization or a government or nonprofit agency.
- Any software release that regularly stores, processes, or communicates PII or other sensitive information. Examples include financial or medical information.
- Any software product or service that targets or is attractive to children 13 years old or younger.
- Any software release that regularly connects to the Internet or other networks. Such software might be designed to connect in different ways, including:
  - Always online. Services provided by a product that involve a presence on the Internet (for example, Windows® Messenger).
  - Designed to be online. Browser or mail applications that expose Internet functionality (for example, Microsoft Office Outlook® or Microsoft Internet Explorer®).
  - Exposed online. Components that are routinely accessible through other products that interact with the Internet (for example, Microsoft ActiveX® controls or PC-based games with multiplayer online support).
- Any software release that automatically downloads updates.
- Any software release that accepts or processes data from an unauthenticated source, including:
  - Callable interfaces that “listen.”
  - Functionality that parses any unprotected file types that should be limited to system administrators.
- Any release that contains ActiveX controls.
- Any release that contains COM controls.
Source: Microsoft's Security Development Lifecycle