The selection was based on Security Innovation's new software development process, which identifies security activities that development teams must follow at each phase of the application lifecycle. Microsoft has used the SDL process on several internal application development efforts and now wants to roll it out across all Microsoft product groups.

As part of this project, Security Innovation will create self-paced eLearning software courses with interactive labs and games to be used to train Microsoft software development teams on Microsoft SDL. The first courses were delivered in December 2007.

"Application security knowledge is a significant barrier to developing and deploying secure applications. One of the most effective weapons to combat this barrier is user education. Linking training courses to the various phases of the software development lifecycle (requirements, design, development, test, and deploy) is what the industry is demanding. eLearning makes detailed, technical content easily accessible in a just-in-time, ready-to-use format. A blend of face-to-face and online training is the best way to continuously monitor and refresh skills."

"Microsoft is an early adopter and trendsetter in the push for software security best practices, and this project is a testament to their efforts. This level of dedication affords Microsoft the opportunity to lead the way in building software security into the overall software development process and help eradicate a major source of computing risk", said Ed Adams, president and CEO of Security Innovation.


"Over the past year, Security Innovation has customized dozens of courses for its clients and is currently adapting eLearning curricula for several enterprise organizations. Microsoft selected Security Innovation due to the strong combination of our training and eLearning capabilities coupled with our leadership and domain expertise in application security."