Microsoft releases free security tool for developers

Microsoft has released a public version of the latest update to an internal threat modelling tool used by its software engineers to develop secure code.

The tool was developed to support Microsoft's internal Security Development Lifecycle (SDL) initiative, but is now available as a free public download for Visio 2007.

The SDL, which has been a mandatory Microsoft-wide policy since 2004, introduces security and privacy practices early in the development process.

SDL is a risk-based software development methodology which aims to protect end-users by reducing the number and severity of vulnerabilities in code.

Adam Shostack, Microsoft's SDL senior program manager, said the Threat Modeling Tool is a core element of the SDL developed with feedback from Microsoft's software engineers.

"We decided to release this tool because we realised it was not specific to our processes, but could also help outside software developers," he said.

The tool enables software architects to communicate about the security design of their systems, analyse those designs for potential security issues, and suggest mitigations for security issues.

"This acts as a very nice first tool to help software development teams get started in following SDL," said Shostack.


