Microsoft is to release publicly a threat modelling tool
it uses internally to help software developers create more secure
software.
The tool can display threats in a diagram after information such
as usage scenarios and the environment in which the application
will run is entered, said Michael Howard, senior program manager
for security engineering and communications at Microsoft, speaking
at the company's Professional Developers Conference in Los
Angeles.
Microsoft's decision to ship Windows Server 2003 with a
locked-down Internet Explorer Web browser was made based on threat
modelling.
"We reduced the attack surface based on the threat models," said
Howard. "Threat modelling is so important. You cannot build secure
software unless you understand your threats."
Microsoft's security approach for Windows Server 2003 has proved
successful, said Mike Nash, corporate vice president at Microsoft's
Security Business Unit. "Our goal was to cut vulnerabilities in
half; we've exceeded our goal."
There have been six vulnerabilities deemed "important" or
"critical" for Windows Server 2003 since its release last April,
compared with 21 vulnerabilities in the same period of time after
the Windows 2000 Server release, according to Nash.
The threat modelling tool is being prepared for external release
and should be available to developers "soon" on Microsoft's
GotDotNet online community for developers, at
http://www.gotdotnet.com.
Microsoft is also releasing Prefix, another in-house tool which
features a toolkit to analyse source text for common errors, and
Prefast, an analysis tool for source text.
Yet another tool, FxCop, was distributed to PDC attendees and is
available for download. FxCop was originally meant to enforce
software design rules but is now used to analyse code for security
problems.
Joris Evers writes for IDG News
Service