Microsoft has changed its stance regarding its copyright license for the Microsoft Security Development Lifecycle, placing it under a Creative Commons license.
The move makes it easier for others to use and redistribute the content. “The Microsoft SDL is a security assurance process that is focused on software development. It is a collection of mandatory security activities, grouped by the phases of the traditional software development life cycle,” Microsoft said on its Website.
According to the Creative Commons Website, “Creative Commons defines the spectrum of possibilities between full copyright and the public domain. From all rights reserved to no rights reserved. Our licenses help you keep your copyright while allowing certain uses of your work-a ‘some rights reserved’ copyright.”
In an Aug. 26 blog post, David Ladd, principal security program manager at Microsoft, announced that Microsoft’s SDL team-part of the company’s Trustworthy Computing group-plans to make ” our publicly available SDL documentation and other SDL process content available to the development community under a Creative Commons license.” This shift in licensing makes SDL content “more accessible and portable,” and allows software and application developers around the industry to better tailor and incorporate elements of the SDL into their own development life cycles, he said.
“Specifically, we will be using the license that specifies Attribution, Non-Commercial, Share Alike (cc by-nc-sa) terms,” Ladd said.
Under the previous copyright, SDL materials were under an exclusive Microsoft license. “With this more flexible copyright model, developers can now copy, distribute and transmit SDL documentation to others in the industry, which they were unable ot do before. Microsoft hopes this more open licensing will encourage developers to build upon the SDL and incorporate security and privacy throughout software development life cycle,” Ladd said in an e-mail.
“Our first two documents for release under a Creative Commons license will be the English versions of the Simplified Implementation of the Microsoft SDL whitepaper and the Microsoft Security Development Lifecycle (SDL)-Version 5.0 paper that illustrates how Microsoft applies the SDL to our own products and services,” Ladd said. Those releases will be completed over the next few weeks, he added.
Meanwhile, Microsoft officials said other content on the SDL portal will be analyzed and relicensed as appropriate, although Microsoft’s SDL tools will remain under the standard Microsoft license. It will take time for Microsoft to relicense other SDL documentation, but the company will keep developers up to date on its progress, Ladd said.