The 3.0 version has been in development for more than a year, said Adam Shostack, a senior program manager on the SDL team. It's designed for developers who may not have a clue about the nuts and bolts of security. According to Lipner, the tool has been in existence since 1998 or 1999, and it has gone through eight iterations within Microsoft, where it's been used by internal developers.

Of the two free downloads slated for November, the SDL Threat Modeling Tool 3.0 has the longest lineage. "We want to move toward a more secure Internet, and it's important that there is secure development not only for our software, but also for other software that our customers use," Lipner said, explaining why Microsoft is proselytizing SDL to outside developers. It wants to share that knowledge, he added, and for a selfish reason.

Credit, he said, goes to SDL and Microsoft's increased emphasis on writing more secure code.

Microsoft, claimed Lipner, has nearly halved its share of the total disclosed vulnerabilities between the first six months of 2007 and the same period this year. Microsoft was responsible for 4.2% of all disclosed vulnerabilities in the first six months of 2007, and for 2.5% of those made public in the first six months of 2008.