Microsoft to Release Internal Security Tools
Microsoft began to take security of their operating systems and applications around 2001 when coding problems in many of its products left open doors to a whole wave of malicious programs.
Things such as self-propagating worms crashed e-mail servers, created botnets and stole users personal information. These issues ended up costing end users and large corporations a lot of money in damages. On the flip side it proved quite lucrative for the technical support industry – a lot of money was to be made during that time period.
Microsoft will soon be releasing internal tools and methods it has used over the past little while. These tools were used to reduce the number of security issues in current products, and two of the tools will be free: the SDL Optimization Model and the SDL Threat Modeling Tool 3.0. Both tools will be available for download from the Microsoft SDL website in November.
Here is a brief history behind all of this:
In early 2002 Bill Gates launched the Trustworthy Computing Initiative. Two years later, the company refined something called the Security Development Lifecycle (SDL) – essentially a process to ensure it writes near-bulletproof code. Use of the SDL over the past while has reduced the number of security issues in its new flagship operating system – Window Vista, as well as SQL Server.
Microsoft believes that extending the SDL to Independent Software Vendors (ISV) and other developers for enterprises such as banks, will add confidence to Microsoft software designed for Windows. Quoting Steve Lipner of Microsoft’s SDL team:
« “If somebody is using a third-party application on the Microsoft platform, they are still a Microsoft customer. We want their computing experience to be safe and secure.”
“We think this is going to be a great resource for people who want to get into the SDL and need to figure out how to they get started.” »
Most third-party applications built for the Windows platform is not coded with state-of-the-art security practices in mind, but Microsoft would like to make developers a little more aware. Microsoft can make your operating system as tight as possibly can, but the moment you install a third party application you need to wonder – what kind of holes did this program just open up?
- EFiX Dongle Turns (Some) PCs into Macs
- World's First Stacked 3D Processor Created
- Apple Employee Accidentally Reveals Next-gen iPhone Details
- Hewlett Packard Cuts Nearly 25,000 Jobs
- Leaked AMD '09 CPU & Chipset Roadmap
- Intel Engineer Flip-Flops to AMD, Company Secrets Stolen?
- Microsoft's IE8 Phones Home
- A Kinder, Gentler Copy Protection for Red Alert 3
- WoW: Wrath of the Lich King Ship Date Announced
- Dolby Announces New Voice Technology at Austin GDC
- Microsoft Considered Buying Nintendo, Says EA Exec
- Scientists Create Zero-Resistance Superconductor
- Stereoscopic Glasses from Nvidia
- "Fusion" is AMD's New Future
- AMD: We Turn Bad PCs into Super PCs!
- Google Blames Microsoft for Antitrust Issues Surrounding Yahoo! Deal
- New CPUs And Price Cuts Expected By Intel
- U.S. Government Gets Sued Over Secret IP Pact
There have been other tools released over the years like the Microsoft Baseline Security Analyzer:
http://technet.microsoft.com/en-us [...] 84924.aspx