Microsoft News and Notes

Observations about Microsoft, the world’s largest software vendor

Microsoft Set to Share Software Development Lifecycle Tools with Safety-Conscious Developers Everywhere

Posted by Kachina Shaw Sep 17, 2008 3:30:58 PM

Internal security tools at Microsoft are set to be shared with developers outside the company. The software development lifecycle (SDL) is mandatory for all dev projects at Microsoft, and has been in place since XP SP2 in 2004. This Techworld article has a succinct explanation of its inception and history.

Now, beginning in November, outside developers may download the SDL Threat Modeling Tool 3.0, which can show developers the specific types of vulnerabilities and larger threats their project faces, whether the dev team is experienced in security or not.

They'll also have access to the Optimization Model, which analyzes where a team lands in terms of secure development practices in comparison with others, and provides steps to improve that position.

Microsoft execs say the SDL produces results; the vendor's share of total reported vulnerabilities has been cut almost in half from the middle of 2007 to the middle of 2008. Part of that shift comes from the built-in security practices, but part of it also comes from the fact that other vendors' products are falling victim to vulnerabilities. And that's why, Microsoft says, it's taking the step to share these security tools with those other vendors. If they're put in place, vendors and users will be rewarded with a "safer Internet," as Microsoft's Steve Lipner describes it. Microsoft would also like it if you thought of this step as a continuation of the Trustworthy Computing initiative.

The third part of this announcement is a pilot program, the SDL Pro Network. For a fee, clients will have access to consulting and training services from nine third-party vendors, based on the SDL. The list of vendors providing services, according to Dark Reading, includes Cigital, IOActive, NGS Software and Verizon Business.

The Register reports that at an MIS Training Institute IT Security World Conference session this week, Mozilla Corporation CSO and former Microsofty Window Snyder spoke on the improvements that could be realized industrywide if leading vendors like Microsoft and Apple, specifically, shared their expertise on building in security precautions from the beginning of development projects.

See the SDL blog at Microsoft for more.
