Microsoft releases free security tool for developers


Microsoft releases free security tool for developers

Warwick Ashford

Microsoft has released a public version of the latest update to an internal threat modelling tool used by its software engineers to develop secure code.

The tool was developed to support Microsoft's internal Security Development Lifecycle (SDL) initiative, but is now available as a free public download for Visio 2007.

The SDL, which has been mandatory microsoft-wide policy since 2004, introduces security and privacy practices early in the development process.

SDL is a risk-based software development methodology which aims to protect end-users by reducing the number and severity of vulnerabilities in code.

Adam Shostack, Microsoft's SDL senior program manager said the Threat Modeling Tool is a core element of the SDL developed with feedback from Microsoft's software engineers.

"We decided to release this tool because we realised it was not specific to our processes, but could also help outside software developers," he said.

The tool enables software architects to communicate about the security design of their systems, analyse those designs for potential security issues, and suggest mitigations for security issues.

"This acts as a very nice first tool to help software development teams get started in following SDL," said Shostack.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy