Microsoft to release security tools

By

Microsoft announced that it would make available three Security Development Lifecycle programs and tools to help the industry improve security and privacy technology.


Microsoft announced that it would make available three Security Development Lifecycle (SDL) programs and tools to help the industry improve security and privacy technology.

The SDL Optimization Model, the SDL Pro Network, and the Microsoft SDL Threat Modeling Tool are expected to be available this quarter.

Microsoft developed SDL in 2004 to address security vulnerabilities in its software. It's credited with reducing vulnerabilities in Vista and SQL Server.

“The need to build and preserve trust in computing, coupled with the need to protect critical infrastructures, means that all software vendors must build security and privacy into their products,” Steve Lipner, Microsoft's senior director of security engineering strategy, Trustworthy Computing Group told SCMagazineUS.com on Wednesday.

“The Microsoft Trustworthy Computing Group is committed to help make the online world more secure for customers. One way we're doing this is by sharing our SDL best practices and making the tools freely available to organizations outside of Microsoft.”

For the software industry, Lipner added, the key to meeting today's demand for improved security and privacy is to implement repeatable processes that reliably deliver measurably improved security and privacy.

“Such a process is intended to minimize the number of security vulnerabilities in the design, coding and documentation, and to detect and remove those vulnerabilities as early in the development lifecycle as possible.”

The Microsoft SDL threat modeling tool provides automatic guidance on creating the threat models and analyzing them. The tool also integrates with vulnerability tracking systems and incorporates the threat modeling process into the standard development process.

The SDL Optimization Model is designed to help create a long-term plan for building and achieving security assurance in software. The model identifies cost-effective ways to attain measurable security process improvements with realistic resources.

Both of those offerings are free.

The SDL Pro Network members are security consultants from the United States and Europe who specialize in application security.

While SDL won't solve all security problems, Matt Sergeant, senior anti-spam technologist at MessageLabs, a business security services company, said it will be helpful in allowing organizations to put a good security structure in place.

“It's a good thing that people will have access to SDL,” Sergeant told SCMagazineUS.com. “It will make security a focus for companies.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
microsoftreleasesecuritytotools

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?