Looking to broaden access to its security practices for software development, Microsoft plans to shift the licensing for its Security Development Lifecycle (SDL) documentation to the more accessible Creative Commons License, the company said on Thursday.
SDL is Microsoft’s blueprint for incorporating security into applications. It has been available under an exclusive Microsoft license.
“With this more flexible copyright model, developers can now copy, distribute, and transmit SDL documentation to others in the industry, which they were unable to do before. Microsoft hopes this more open licensing will encourage developers to build upon the SDL and incorporate security and privacy throughout software development lifecycle,” said David Ladd, Microsoft principal security program, in an email.
The Microsoft license has required express, written consent from Microsoft to share, copy, or transmit SDL content or processes. Based on feedback from several organizations, Microsoft found that honoring the license prevented embedding of elements of the SDL process and guidance in internal secure development process documents. This made it harder to adopt SDL, Microsoft said. The Creative Commons license offers more favorable licensing terms, Microsoft said.
During the next few weeks, English versions of the company’s “Simplified Implementation of the Microsoft SDL” and “Microsoft Security Development Lifecycle (SDL) – Version 5.0” documentation will undergo license conversion. Other SDL content will be analyzed and relicensed as appropriate, Microsoft said. The company’s SDL tools, however, will remain under the standard Microsoft license.
“It will take time for Microsoft to relicense other SDL documentation, but the company will keep developers up to date on its progress,” Ladd said.