Microsoft wants to take what it has learned about secure software development in-house and share its insights with others. The company will offer up guidance and a tool based on Security Development Lifecycle (SDL), a security assurance process unveiled in 2004 and serving as an evolution of the company's Trustworthy Computing initiative. Deliverables include Microsoft SDL Threat Modeling Tool 3.0, for structured analysis of security and privacy issues; Microsoft SDL Optimization Model, for assessing security, and Microsoft SDL Pro Network, offering security guidance and SDL best practices. All will be available in November.

"What we're doing [what is] called SDL for the development ecosystem," said Steve Lipner, Microsoft senior director of security engineering strategy, during a meeting at InfoWorld' San Francisco offices last week.

Full Article