In what is without a doubt an excellent move, Microsoft is offerings select resources that helped the company bulletproof products such as Windows 7, Windows Server 2008 R2 and Office 2010 under a Creative Commons License.
Essentially, the publicly available documentation related to the Microsoft Security Development Lifecycle, as well as additional SDL process content will continue to be available free of charge to third-party developers, but with expanded rights that come with the Creative Commons license.
“Specifically, we will be using the license that specifies Attribution, Non-Commercial, Share Alike (cc by-nc-sa) terms,” revealed David Ladd, principal security program manager, Microsoft.
Ladd mentions that the licensing change came as a reaction to feedback from members of the developer community that were asking for increased flexibility in relation to creating new secure development processes based on the software giant’s Security Development Lifecycle (SDL) content.
Although the SDL documentation was already offered for free, the licensing terms prohibited devs from reproducing, including or transferring of any part of the documentation or process in the absence of express written consent from the Redmond company. This will no longer be an issue.
“By changing the license terms, we are now allowing people and organizations to copy, distribute and transmit the documentation to others; this means that you can now incorporate content from the SDL documents we release under Creative Commons into your internal process documentation – subject to the terms specified by the Creative Commons license mentioned above,” Ladd explained.
Developers building applications on top of Windows can access the same best practices, processes and tools used by Microsoft in the Security Development Lifecycle.
However, the company continues to offer the tools under a Microsoft license, despite much of the remaining content now being offered under a Creative Commons license.
“Our first two documents for release under a Creative Commons license will be the English versions of the “Simplified Implementation of the Microsoft SDL” whitepaper and the Microsoft Security Development Lifecycle (SDL) - Version 5.0 paper that illustrates how Microsoft applies the SDL to our own products and services. Those releases will be completed over the next few weeks,” Ladd added.
The promise from Microsoft is that additional SDL resources will be offered under Creative Commons in the future.
The developer community should not hesitate to embrace this excellent opportunity offered by Microsoft to make the focus on security and privacy a core part of the development process for their projects, especially now when they benefit from enhanced accessibility and portability for SDL content.