Microsoft declares ISO conformity

By Kirsten Doyle, ITWeb contributor.
San Francisco, 15 May 2013

Microsoft has announced its Declaration of Conformity to ISO 27034-1, a first-of-its-kind security standard that focuses on the processes and frameworks needed to build a comprehensive software security program.

Announced at the company's Security Development Conference in San Francisco this week, the declaration identifies Microsoft's Security Development Lifecycle (SDL) as an example that can help other businesses conform to the standard. In other words, Microsoft says organisations that use its SDL are therefore closer to compliance themselves.

Microsoft's SDL is a 'holistic and comprehensive approach for developing more secure software and services'. The company says software that is developed using its SDL is more secure, and less vulnerable to exploits.

The software giant says its SDL either meets or exceeds ISO 27034-1 requirements.

ISO 27034-1 has implications for businesses that sell software, says Microsoft, as it provides a common validation language, offers a clear and simple outline for adopting a security development framework, and serves as a competitive advantage in the marketplace.

In addition, it gives customers buying software or services a single 'language' to demand secure development across industries, platforms and regions.

According to a report commissioned by Microsoft, and prepared by Reavis Consulting Group, called "The emergence of software security standards: ISO/IEC 27034-1:2011 and your organization", "software consumers, especially large organisations, have a responsibility to understand the secure software development practices that were used to build the software products that they purchase. Towards this end, consumers should encourage transparency in the documentation of secure development life cycle programmes and should acknowledge software producers who adopt secure development standards."