Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Microsoft offers security design tools to world

The SDL that rescued XP.

By John Dunn | Published: 14:00, 16 September 2008

Microsoft has decided to offer the world the software development lifecycle (SDL) it used in-house to rescue the security design of Windows from XP SP2 onwards.

The main part of the SDL is the Optimisation Model, a detailed set of guidelines the company hopes third-party developers will use to build security-aware applications for the Windows platform. Accompanying this will be Threat Modelling Tool, which can be used by developers to analyse their software design before coding is undertaken.

The theory behind SDL is impeccable - it's always cheaper and simpler to fix problems during program design than after when the product is being used in real-world situations.

"Threat modelling activities have historically been expert-led, but now any software architect will be able to use the Microsoft SDL Threat Modelling Tool 3.0 effectively. Designed specifically for use by any software architect, the tool embeds prescriptive, at-a-glance help throughout its use," says Microsoft's publicity materials for the tool.

Although buried deeper in the announcement, perhaps the most intriguing aspect of the SDL is Microsoft's plan to kick-start an ‘SDL Pro Network', a collection of organisations offering support services built around the initiative. Currently in its pilot phase, nine companies have signed up to be involved for year one, the company said.

SDL started life in 2003 as part of Microsoft's response to the very public security design problems of Windows XP, released in 2001. Accused of underestimating security, Microsoft conducted a major security overhaul for the Service Pack 2 update to XP, released in August 2004, and vowed to make XP's successor, Vista, secure from the ground up. By 2004, the SDL had become a mandatory part of all development within the company.

"It's really about culture change more than anything else," said Microsoft's SDL expert Glenn Pittaway. "We think it is actually an evolution of Trustworthy Computing. The next step is to make this more widely available," he said. According to Pittaway, the SDL was technology-agnostic

Further information on the SDL can be found on Microsoft's website, with the Modelling Tool downloadable from an undisclosed date in November.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.