From 5b80aaacb10bf8171a2d229ac9ac3c0e1f0784bb Mon Sep 17 00:00:00 2001
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit>
Date: Wed, 1 Sep 2021 16:23:36 -0700
Subject: [PATCH] adding SDL asset to library

---
 windows/security/TOC.yml                           |  2 ++
 .../msft-security-dev-lifecycle.md                 | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 51021a5be7..2fb9e585d4 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -8,6 +8,8 @@
       href: threat-protection/fips-140-validation.md
     - name: Common Criteria Certifications
       href: threat-protection/windows-platform-common-criteria.md
+    - name: Microsoft Security Development Lifecycle
+      href: msft-security-dev-lifecycle.md
 - name: Hardware security
   items: 
     - name: Trusted Platform Module
diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md
index 18ce55f174..6c23e09a9e 100644
--- a/windows/security/threat-protection/msft-security-dev-lifecycle.md
+++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md
@@ -15,3 +15,17 @@ ms.technology: other
 
 # Microsoft Security Development Lifecycle
 
+The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. As a Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in software and culture at Microsoft. 
+
+[:::image type="content" source="images/simplified-sdl.png" alt-text="Simplified secure development lifecycle":::](https://www.microsoft.com/en-us/securityengineering/sdl)
+
+Combining a holistic and practical approach, the SDL aims to reduce the number and severity of vulnerabilities in software. The SDL introduces security and privacy throughout all phases of the development process. 
+
+The Microsoft SDL is based on three core concepts:
+- Education
+- Continuous process improvement
+- Accountability
+
+To learn more about the SDL, visit the [Security Engineering site](https://www.microsoft.com/en-us/securityengineering/sdl).
+
+And, download the [Simplified Implementation of the Microsoft SDL whitepaper](http://go.microsoft.com/?linkid=9708425).
\ No newline at end of file