… I would adopt Microsoft's SDL. It wouldn't be too hard; simply issue a press release or perhaps re-organize a bit. After all, most big companies are following similar processes anyway.
Microsoft would then get the credit if there are fewer vulnerabilities but also get the blame for every vulnerability created. I think offloading that burden would be worth it.
So… you punt the blame to other people, and you don’t actually have to implement an SDL?
Great tactics!
Provide proof of one other “big company” that has an SDL anywhere near close to Microsoft’s. Not a one has a decent SDL, except Microsoft.
@[blank]
What is it about your SDL that you think is particularly unique in the development world? Please be specific. Thanks.
Pete