mercredi 31 mars 2010 18:41
I am building an updated SDL process for my company, and I am looking at can I adopt large components of the Microsoft SDL into it. I am wondering if this is something that I can really do with the restrictions I see on the documents involved in the SDL; it seems I can't copy or redistribute the SDL documents provided by Microsoft, so if I want to copy parts of it or change things, I'm not sure I can really use any of that work in my own SDL.
I was wondering what is the Microsoft recommendations on this - do I need to build my own SDL without utilizing any of the actual copyrighted material of Microsoft or are there parts of what Microsoft has provided that are freely available for me to use or as part of my MSDN licensing?
- Déplacé Hengzhe Li mardi 21 juin 2011 12:04 Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
Toutes les réponses
vendredi 2 avril 2010 00:43
Good question, let us look into it for you.
vendredi 28 mai 2010 16:55Any result from your investigating?
jeudi 5 août 2010 00:18Modérateur
First, apologies for the delay in replying.
We have been working with Microsoft Law and Corporate Affairs to assess our current license and to determine how best to satisfy your request. I expect that we will have a solution very soon - within a few days. When its ready, we will announce it here on the forums and on the SDL Blog.
Thanks very much!
mardi 24 août 2010 03:55
Any news on this?
jeudi 26 août 2010 18:15
Good news. Not sure if you heard, but today Microsoft has announced that the entire SDL process falls under a Creative Commons license. More specifically, they have adopted the license that specifies Attribution, Non-Commercial, Share Alike (cc by-nc-sa) terms.
So you are welcome to use it as part of your own SDL process in your office.
For more information, check out http://blogs.msdn.com/b/sdl/archive/2010/08/26/microsoft-sdl-and-the-creative-commons.aspx.
- Marqué comme réponse Dana Epp [Security MVP]MVP jeudi 26 août 2010 18:15