Microsoft has released a public version of the latest update to an internal threat modelling tool used by its software engineers to develop secure code.
The tool was developed to support Microsoft's internal Security Development Lifecycle (SDL) initiative, but is now available as a free public download for Visio 2007.
The SDL, which has been mandatory microsoft-wide policy since 2004, introduces security and privacy practices early in the development process.
SDL is a risk-based software development methodology which aims to protect end-users by reducing the number and severity of vulnerabilities in code.
Adam Shostack, Microsoft's SDL senior program manager said the Threat Modeling Tool is a core element of the SDL developed with feedback from Microsoft's software engineers.
"We decided to release this tool because we realised it was not specific to our processes, but could also help outside software developers," he said.
The tool enables software architects to communicate about the security design of their systems, analyse those designs for potential security issues, and suggest mitigations for security issues.
"This acts as a very nice first tool to help software development teams get started in following SDL," said Shostack.