SDL Threat Modeling Tool 3.1 RTM is up for grabs

Feb 20, 2009 15:13 GMT  ·  By

The SDL Threat Modeling Tool is one of the results of the Windows Security Push of February 2002, which ultimately led to the creation of the Security Development Lifecycle. Back in September 2008, the Redmond company revealed that it was planning to share the best practices for developing secure software with all members of the industry. But the software giant's initiative did not stop at the Security Development Lifecycle model. In addition to the SDL Pro Network, the SDL Optimization Model, the SDL Threat Modeling Tool was also released as a free download in order to help software developers bulletproof the applications designed to run on top of the Windows platform. The latest version of the SDL Threat Modeling Tool, namely 3.1, is now available for download.

“Innovative features in the Microsoft SDL Threat Modeling Tool v3 include: automation - guidance and feedback in drawing threat diagrams; STRIDE Framework: Guided analysis of threats and mitigations; integration - issue-tracking systems; and reporting capabilities - security activities and testing in the verification phase,” Microsoft revealed.

With Windows Vista as the sole operating system supported, the SDL Threat Modeling Tool 3.1 is set up to streamline the process associated with analyzing system security. The tool will flag design issues early in the software lifecycle, according to Microsoft, and permit engineers to address them ahead of making products available to the general public. SDL Threat Modeling Tool 3.1 has been released to manufacturing (RTM'ed) and went live on the Download Center on February 19, 2009, as it debuted into Beta in November 2008.

“The Microsoft SDL Threat Modeling Tool is a core element of the SDL. The tool is part of the design phase of the SDL and allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. The Microsoft SDL Threat Modeling Tool enables software architects to: communicate about the security design of their systems; analyze those designs for potential security issues using a proven methodology; and suggest and manage mitigations for security issues,” Microsoft added.

SDL Threat Modeling Tool 3.1 RTM is available for download here.