Materials outlining Microsoft’s Security Development Lifecycle will be transferred to a Creative Commons license. SDL tools and templates remain under an exclusive Microsoft license.
Microsoft’s Security Development Lifecycle is officially going open source. The software giant said it plans to place its SDL documentation under a Creative Commons license.
A Creative Commons license gives anyone the ability to copy and distribute Microsoft’s SDL documentation. Companies also have the ability to change the work, adapting it so it can be applied to their own development environment. Under the license, the Microsoft SDL cannot be sold or used commercially and Microsoft needs to be credited with the work.
“This shift in licensing makes SDL content more accessible and portable, and allows software and application developers around the industry to better tailor and incorporate elements of the SDL into their own development lifecycles,” said David Ladd, principal security program manager.
Microsoft began to make its SDL public to its customers more formally in 2008, when it unveiled the SDL Pro Network. Prior to that, the company informally released parts of its development processes under its Trustworthy Computing Program.
SDL materials were previously under an exclusive Microsoft license. The new copyright model is more flexible and could encourage developers to build upon the SDL and incorporate security and privacy into their development processes, Ladd said.
The Microsoft SDL is in its fifth version. It illustrates the way the software maker applies security to its products. The documentation gives guidance on a number of different development methodologies, including Waterfall, Spiral development and Agile development. A simplified version is also available to guide companies through implementation.
Over time, white papers, case studies and other materials will undergo license conversion, Ladd said. Microsoft’s templates and threat modeling tools will remain under the standard Microsoft license.