http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=220000750

By Kelly Jackson Higgins
DarkReading
Sept 16, 2009

Microsoft continued efforts to spread its own secure software development program with today's release of a free fuzzer and tool for analyzing binary code.

The software giant last year began opening up its Security Development Lifecycle (SDL) for all third-party application developers and enterprises as a way to write cleaner, more secure code. As part of its SDL-sharing strategy, Microsoft has released several free tools for developers, including the SDL Threat Modeling Tool; the !exploitable (pronounced "bang exploitable") Crash Analyzer, an add-on to Microsoft's Windows debugger fuzzing tool; and the SDL Process Template, which integrates Microsoft's SDL directly into third-party and enterprise development environments.

Microsoft's latest tools -- BinScope Binary Analyzer and Mini-Fuzz File Fuzzer -- support the verification stage of the SDL process. "This is the testing phase," says David Ladd, principal security program manager for Microsoft's SDL team.

Microsoft also released a white paper on how to manually integrate the SDL Process Template into its existing Visual Studio Team System development projects.

Along with iSEC Partners, the company also released a new report on how to measure the ROI of an SDL program. The report, which includes data from NIST studies and anecdotal data from iSEC, demonstrates how to use metrics to calculate an ROI: "The earlier you can find bugs, the cheaper it's going to be for development organizations," Ladd says.

[...]

Received on Wed Sep 16 2009 - 22:29:01 PDT