Microsoft to Release Internal Security Tools

Microsoft began to take security of their operating systems and applications around 2001 when coding problems in many of its products left open doors to a whole wave of malicious programs.

Things such as self-propagating worms crashed e-mail servers, created botnets and stole users personal information. These issues ended up costing end users and large corporations a lot of money in damages. On the flip side it proved quite lucrative for the technical support industry – a lot of money was to be made during that time period.

Microsoft will soon be releasing internal tools and methods it has used over the past little while. These tools were used to reduce the number of security issues in current products, and two of the tools will be free: the SDL Optimization Model and the SDL Threat Modeling Tool 3.0. Both tools will be available for download from the Microsoft SDL website in November.

Here is a brief history behind all of this:

In early 2002 Bill Gates launched the Trustworthy Computing Initiative. Two years later, the company refined something called the Security Development Lifecycle (SDL) – essentially a process to ensure it writes near-bulletproof code. Use of the SDL over the past while has reduced the number of security issues in its new flagship operating system – Window Vista, as well as SQL Server.

Microsoft believes that extending the SDL to Independent Software Vendors (ISV) and other developers for enterprises such as banks, will add confidence to Microsoft software designed for Windows. Quoting Steve Lipner of Microsoft’s SDL team:

« “If somebody is using a third-party application on the Microsoft platform, they are still a Microsoft customer. We want their computing experience to be safe and secure.”

“We think this is going to be a great resource for people who want to get into the SDL and need to figure out how to they get started.” »

Most third-party applications built for the Windows platform is not coded with state-of-the-art security practices in mind, but Microsoft would like to make developers a little more aware. Microsoft can make your operating system as tight as possibly can, but the moment you install a third party application you need to wonder – what kind of holes did this program just open up?

  • jhansonxi
    There have been other tools released over the years like the Microsoft Baseline Security Analyzer:
    http://technet.microsoft.com/en-us/security/cc184924.aspx
    Reply