Microsoft releases free security tool for developers

Microsoft has released a public version of the latest update to an internal threat modelling...

Microsoft has released a public version of the latest update to an internal threat modelling tool used by its software engineers to develop secure code.

The tool was developed to support Microsoft's internal Security Development Lifecycle (SDL) initiative, but is now available as a free public download for Visio 2007.

The SDL, which has been mandatory microsoft-wide policy since 2004, introduces security and privacy practices early in the development process.

SDL is a risk-based software development methodology which aims to protect end-users by reducing the number and severity of vulnerabilities in code.

Adam Shostack, Microsoft's SDL senior program manager said the Threat Modeling Tool is a core element of the SDL developed with feedback from Microsoft's software engineers.

"We decided to release this tool because we realised it was not specific to our processes, but could also help outside software developers," he said.

The tool enables software architects to communicate about the security design of their systems, analyse those designs for potential security issues, and suggest mitigations for security issues.

"This acts as a very nice first tool to help software development teams get started in following SDL," said Shostack.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Antivirus, firewall and IDS products

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.