Chapter 5. Stage 0: Education and Awareness

In this chapter:

A Short History of Security Education at Microsoft

Ongoing Education

Types of Training Delivery

Exercises and Labs

Tracking Attendance and Compliance

Measuring Knowledge

Implementing Your Own In-House Training

Key Success Factors and Metrics

We are often asked why the Security Development Lifecycle (SDL) has been so successful at reducing vulnerabilities in Microsoft software. There are two very simple answers: executive support, and education and awareness. Getting Bill Gates and Steve Ballmer 100 percent committed to SDL was critical (Microsoft 2002), but nearly as critical in security work is an educated engineering workforce.

If your engineers know nothing about basic security tenets, common ...

Get Security Development Lifecycle now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial