Security Innovation Chosen to be Part of the Microsoft SDL Pro Network

Security Innovation, the authority on software security and leading provider of vulnerability assessment, training and software risk products and services, today announced that it has been selected among nine vendors to participate in the Microsoft SDL Pro Network. This exclusive group of software security vendors will help organizations formally roll out the SDL (Security Development Lifecycle), the industry-leading software security assurance process, which was created by Microsoft in 2004.

Microsoft announced the SDL Pro Network on September 16th and will formally launch the pilot program in November 2008.

The SDL Pro Network is part of Microsoft's Trustworthy Computing commitment to helping organizations build and deploy more secure software. Security Innovation was selected based on its deep knowledge of software security and extensive experience providing products for secure coding and testing as well as training and consulting services on the Microsoft platform. To Microsoft, the SDL is more than just a mandatory internal policy--it's a paradigm shift to drive the improvement of software security and privacy.

"Security Innovation's knowledge of and experience with Microsoft's SDL process makes them a great fit for the SDL Pro Network," said David Ladd, principal security program manager in Microsoft's Trustworthy Computing group. "In conjunction with the other eight pilot program participants, the experts at Security Innovation will help to convey the secure development processes and training concepts found within the SDL to the software development community, thereby helping to create a more trustworthy computing experience for consumers."

"Organizations have been slow to adopt software security because there has not been accepted best practices for the secure development of software.

Microsoft by bringing their SDL public via their partner program should bring direction to the building of a comprehensive secure software development process", said IDC analyst Charles Kolodgy. "Security Innovation has been a leader in delivering best practices and SDL requirements to Fortune 500 organizations. As a Pro Network provider they are in a position to help a myriad of organizations seeking to commit to and execute on comprehensive secure software development lifecycle programs"

"With the SDL, Microsoft is clearly establishing itself as a major thought leader in the area of software security best practices, and this initiative has the potential to be an industry standard," said Nick Allen, Vice President of Marketing at Security Innovation. "We are very excited to be part of this program, and believe that our deep and broad domain expertise in software security and the SDL, combined with our specialized tools that map to specific SDL activities, positions us as a complete SDL Pro Network Partner.

As an SDL Pro Network member, Security Innovation will be paired with organizations that seek SDL services via Microsoft's SDL Pro Network Web site and SDL events. SDL Pro Network members will provide combinations of SDL training and/or consulting services regionally and, Security Innovation, having presence on multiple continents; can offer complete training and consulting worldwide.

As a value-added SDL Pro Network provider, Security Innovation will provide state-of-the art tools that were designed specifically with the SDL in mind. The tool suite includes Holodeck, which conducts attack surface analysis, fuzz testing and dynamic analysis/testing, TeamMentor, which provides just-in-time guidance on secure development best practices, and CxSuite, which performs security source code analysis. The company also offers e-Learning software products so organizations can train at their own pace on topics like Creating Secure Code and Security Testing.

About the Microsoft SDL
Part of Microsoft's Trustworthy Computing tenet, the Security Development Lifecycle (SDL) is the process Microsoft developed to provide customers with high-quality, meticulously engineered and rigorously tested software that helps withstand malicious attacks.

The SDL is an industry-leading software security assurance process, and has been a Microsoft-wide initiative and a mandatory policy since 2004. The SDL has played a critical role in embedding security and privacy in Microsoft software and culture. Combining a holistic and practical approach, SDL introduces security and privacy early and throughout all phases of the development process. For more information on Microsoft's Security Development Lifecycle, please visit: http://www.microsoft.com/sdl.