LOS ANGELES – Microsoft plans to publicly release a threat modeling tool it uses internally to help software developers create more secure software, the company said Thursday.

The tool can display threats in a diagram after information such as usage scenarios and the environment in which the application will run is entered, Michael Howard, senior program manager for security engineering and communications at Microsoft, said in a presentation at the vendor’s Professional Developers Conference in Los Angeles.

The software giant appears to be making a practice of publicly releasing tools it uses in-house. The company is also releasing Prefix, which features a toolkit to analyze source text for common errors, and Prefast, an analysis tool for source text. Yet another tool, FxCop, was distributed to PDC attendees and is available for download. FxCop was originally meant to enforce software design rules but is now used to analyze code for security problems, Microsoft officials said.

Thor Larholm, a senior researcher with security research company Pivx Solutions, in Newport Beach, Calif., applauded Microsoft’s move to share the tools it uses to develop software but said tools alone are not enough. “The tools they are releasing sound like good starting points to get a high-level view of the threats to your application. However, in the end it all comes down to how you deal with those threats,” he said. “It will be interesting to see how well Microsoft’s internal security developer tools apply to the outside world.”

Microsoft used the threat modeling tool itself. For example, the company’s decision to ship Windows Server 2003 with a locked-down Internet Explorer Web browser was made based on threat modeling, Howard said. “We reduced the attack surface based on the threat models,” he said.

“Threat modeling is so important. You cannot build secure software unless you understand your threats,” Howard said.

And Microsoft’s security approach for Windows Server 2003 has proved successful, Mike Nash, corporate vice president at Microsoft’s Security Business Unit, said in a presentation Thursday morning. “Our goal was to cut vulnerabilities in half; we’ve exceeded our goal,” he said.

There have been six vulnerabilities deemed “important” or “critical” for Windows Server 2003 since its release last April against 21 vulnerabilities in the same period of time after the Windows 2000 Server release, according to Nash.

The threat modeling tool is being prepared for external release and should be available to developers “soon” on Microsoft’s GotDotNet online community for developers, at http://www.gotdotnet.com, Howard said.