Quiz Entry - updated: 2026.07.14
What are the three pillars of a secure SDL process according to Microsoft SDL?
Education, Process, and Accountability — train people, give teams a defined secure process, and tie release sign-off to meeting it.
Microsoft's Security Development Lifecycle (SDL) rests on three pillars that span the whole development flow:
| Pillar | What it means |
|---|---|
| Education | Administer and track security training so developers know the threats. |
| Process | Guide product teams to meet defined SDL requirements at each phase. |
| Accountability | Establish release criteria and require sign-off (a Final Security Review) before shipping. |
Why these three: training without a process gives knowledgeable teams no structure; a process without accountability gets skipped under deadline pressure; accountability without education just blocks releases nobody knows how to unblock. Together they make security a continuous, ongoing improvement rather than a one-off gate.