Microsoft announces it has changed the copyright license for its Security Development Lifecycle, making it easier to use and redistribute content.
has changed its stance regarding its copyright license for the Microsoft Security Development Lifecycle,
placing it under a Creative
move makes it easier for others to use and redistribute the content. "The
is a security assurance process
that is focused on software development. It
is a collection of mandatory security activities, grouped by the phases of the
traditional software development life cycle," Microsoft said on its
to the Creative Commons
"Creative Commons defines the spectrum of possibilities
between full copyright and the public domain. From all rights reserved to no
rights reserved. Our licenses help you keep your copyright while allowing certain uses
your work-a 'some rights reserved' copyright."
26 blog post,
David Ladd, principal security program manager at Microsoft,
announced that Microsoft's SDL team-part of the company's Trustworthy Computing
group-plans to make " our publicly available SDL documentation and other
SDL process content available to the development community under a Creative
Commons license." This shift in licensing makes SDL content "more
accessible and portable," and allows software and application developers
around the industry to better tailor and incorporate elements of the SDL into
their own development life cycles, he said.
we will be using the license that specifies Attribution, Non-Commercial, Share Alike (cc by-nc-sa) terms,"
the previous copyright, SDL materials were under an exclusive Microsoft
license. "With this more flexible copyright model, developers can now
copy, distribute and transmit SDL documentation to others in the industry,
which they were unable ot do before. Microsoft hopes this more open licensing
will encourage developers to build upon the SDL and incorporate security and
privacy throughout software development life cycle," Ladd said in an
"Our first two documents for release under a Creative Commons license
will be the English versions of the Simplified
Implementation of the Microsoft SDL
whitepaper and the Microsoft
Security Development Lifecycle (SDL)-Version 5.0
paper that illustrates how
Microsoft applies the SDL to our own products and services," Ladd
said. Those releases will be completed over the next few weeks, he added.
Meanwhile, Microsoft officials said other content on the SDL portal
will be analyzed and
relicensed as appropriate, although Microsoft's SDL tools
will remain under the standard Microsoft license. It will take time
for Microsoft to relicense other SDL documentation, but the company will keep
developers up to date on its progress, Ladd said.