Menu
Microsoft looks to spread secure software expertise

Microsoft looks to spread secure software expertise

Slates free developer tools for November, hopes other vendors write more secure code

Microsoft said Tuesday it will export some of its expertise in writing secure code to developers outside the company with several new initiatives, including a pair of free tools it plans to unveil in November.

The company has distilled some of the experience gained during the past five years through its Security Development Lifecycle (SDL) process and philosophy into the Threat Modeling Tool 3.0 and the Optimization Model. It will make both available for free download in two months.

"We're put a lot of emphasis on tool developments to build more secure software," said Steve Lipner, senior director of security engineering strategy in Microsoft's Trustworthy Computing group and the co-author of The Security Development Lifecycle . "But as we've moved SDL more and more into the culture of our company, we've been watching what's happening on the outside."

And Microsoft isn't liking what it sees.

Microsoft, claimed Lipner, has nearly halved its share of the total disclosed vulnerabilities from the first six months of 2007 to the same period this year, from 4.2 percent to 2.5 percent. Credit, he said, goes to SDL and Microsoft's increased emphasis on writing more secure code.

It wants to share that knowledge, he added, and for a selfish reason. "We want to move toward a more secure Internet, and it's important that there is secure development not only for our software, but also for other software that our customers use," Lipner said, explaining why Microsoft is proselytizing SDL to outside developers.

Of the two free downloads slated for November, the SDL Threat Modeling Tool 3.0 has the longest lineage. According to Lipner, the tool has been in existence since 1998 or 1999, and has gone through eight iterations within Microsoft, where it's been used by internal developers.

The 3.0 version has been in development for more than a year, said Adam Shostack a senior program manager on the SDL team, and is designed for developers who may not have a clue about the nuts and bolts of security.

"Threat models focused around attacks, or how attackers think, don't work for the typical software engineer," said Shostack. "They need to start from something that they're already familiar with."

With that in mind, Microsoft crafted the Threat Modeling Tool to focus on the software design process; it then built guidance and advice into the tool.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoft

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments