Security Bytes

Aug 30 2010   1:15PM GMT

Microsoft SDL documentation goes open source



Posted by: Robert Westervelt
Microsoft Security, SDL, Secure software development

Materials outlining Microsoft’s Security Development Lifecycle will be transferred to a Creative Commons license. SDL tools and templates remain under an exclusive Microsoft license.

Microsoft’s Security Development Lifecycle is officially going open source. The software giant said it plans to place its SDL documentation under a Creative Commons license.

A Creative Commons license gives anyone the ability to copy and distribute Microsoft’s SDL documentation. Companies also have the ability to change the work, adapting it so it can be applied to their own development environment. Under the license, the Microsoft SDL cannot be sold or used commercially and Microsoft needs to be credited with the work.

“This shift in licensing makes SDL content more accessible and portable, and allows software and application developers around the industry to better tailor and incorporate elements of the SDL into their own development lifecycles,” said David Ladd, principal security program manager.

Microsoft began formally sharing its SDL with customers in 2008, when it unveiled the SDL Pro Network. Prior to that, the company informally released parts of its development processes under its Trustworthy Computing Program.

SDL materials were under an exclusive Microsoft license. The new copyright model is more flexible and could encourage developers to build upon the SDL and incorporate security and privacy into their development processes, Ladd said.

The Microsoft SDL is in its fifth version. It illustrates the way the software maker applies security to its products. The documentation gives guidance on a number of different development methodologies, including Waterfall, Spiral development and Agile development. A simplified version is also available to guide companies through implementation.

Over time, white papers, case studies and other materials will undergo license conversion, Ladd said. Microsoft’s templates and threat modeling tools will remain under the standard Microsoft license.


Rgmoon  |   Dec 25 2010   5:27AM GMT

You are exactly doing work according to requirements of present times. It is need of the day to know about IT and products related to it. Thanks for this wonderful and informative post.
birmingham times