---
title: Microsoft Security Development Lifecycle
description: Download the Microsoft Security Development Lifecycle white paper that covers a security assurance process focused on software development.
author: paolomatarazzo
ms.author: paoloma
manager: aaroncz
ms.topic: conceptual
ms.date: 07/31/2023
---

# Microsoft Security Development Lifecycle

The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. As a Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.

[:::image type="content" source="images/simplified-sdl.png" alt-text="Simplified secure development lifecycle":::](https://www.microsoft.com/en-us/securityengineering/sdl)

With the help of the combination of a holistic and practical approach, the SDL aims to reduce the number and severity of vulnerabilities in software. The SDL introduces security and privacy throughout all phases of the development process. 

The Microsoft SDL is based on three core concepts:

- Education
- Continuous process improvement
- Accountability

To learn more about the SDL, visit the [Security Engineering site](https://www.microsoft.com/en-us/securityengineering/sdl).

And, download the [Simplified Implementation of the Microsoft SDL whitepaper](https://www.microsoft.com/download/details.aspx?id=12379).