SDL Helps Reduce the Total Cost of Development
The National Institute of Standards and Technology (NIST) estimates that code fixes performed after release can result in 30 times the cost of fixes performed during the design phase.
As shown by the graphic below, the cost of fixing vulnerabilities is highest after an application has been deployed. In addition to the cost of engineering a fix for a given vulnerability, a post-deployment fix is usually accompanied by a significant loss of user productivity. By following a defined process like the SDL, which systematically addresses software security during the development phase, vulnerabilities are more likely to be found and fixed prior to application deployment, thereby reducing your total cost of software development.
Analyst reports: Microsoft SDL adoption producing a better ROI
The Forrester Consulting State of Application Security study reported that organizations implementing an SDL process showed better ROI results than the overall surveyed population.
Aberdeen Group demonstrated how adopting an SDL process increases security and reduces the severity and cost of vulnerability incidents while generating a stronger return on investment (four times higher) than other application security approaches.