Back when I was working as a consultant for Microsoft, I had the opportunity to spend time advising customers on how to think about securing their applications. It was amazingly rewarding to take a simple process and to apply it with such great results. I was constantly surprised by the risks we uncovered by adopting this kind of process that we would have otherwise overlooked.
Over the last several years, Microsoft has developed well-defined and repeatable processes to follow when considering the threats, potential vulnerabilities, and mitigation strategies while developing applications. The Security Development Lifecycle (or SDL) is part of every team’s process at Microsoft.
We’ve recently published a couple of whitepapers discussing how the SDL has been incorporated into the product development cycle. One of these looks at Internet Explorer 8 and the Security Development Lifecycle.