Microsoft boosts access to secure development guidelines

Company hopes more developers will take up SDL best practices with move to Creative Commons license

Looking to broaden access to its security practices for software development, Microsoft plans to shift the licensing for its Security Development Lifecycle (SDL) documentation to the more accessible Creative Commons License, the company said on Thursday.

SDL is Microsoft's blueprint for incorporating security into applications. It has been available under an exclusive Microsoft license.

[ Microsoft in June began offering SDL guidance for its Windows Azure cloud platform. | Keep up with app dev issues and trends with InfoWorld's Fatal Exception blog and Developer World newsletter. ]

"With this more flexible copyright model, developers can now copy, distribute, and transmit SDL documentation to others in the industry, which they were unable to do before. Microsoft hopes this more open licensing will encourage developers to build upon the SDL and incorporate security and privacy throughout software development lifecycle," said David Ladd, Microsoft principal security program, in an email.

The Microsoft license has required express, written consent from Microsoft to share, copy, or transmit SDL content or processes. Based on feedback from several organizations, Microsoft found that honoring the license prevented embedding of elements of the SDL process and guidance in internal secure development process documents. This made it harder to adopt SDL, Microsoft said. The Creative Commons license offers more favorable licensing terms, Microsoft said.

During the next few weeks, English versions of the company's "Simplified Implementation of the Microsoft SDL" and "Microsoft Security Development Lifecycle (SDL) - Version 5.0" documentation will undergo license conversion. Other SDL content will be analyzed and relicensed as appropriate, Microsoft said. The company's SDL tools, however, will remain under the standard Microsoft license.

"It will take time for Microsoft to relicense other SDL documentation, but the company will keep developers up to date on its progress," Ladd said.

This article, "Microsoft boosts access to secure development guidelines," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter.

Read more about developer world in InfoWorld's Developer World Channel.

This story, "Microsoft boosts access to secure development guidelines" was originally published by InfoWorld.

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies