The VMware Security Development Lifecycle (SDL) is our methodology for developing secure software through required and recommended activities that help product teams develop more secure code. These activities follow standard security practices including product security assessments, threat modeling, static and dynamic scans, and penetration testing.

The VMware Security Engineering, Communications & Response group updates our SDL methodology regularly based on evolving security awareness and practices in the industry, increasing knowledge and changing business requirements regarding the practice of software security in VMware, and internal measurements of the effectiveness of our SDL.