MSがSecure Development Lifecycle (SDL)を企業でまわすようにするためのモデル文書を秋ごろに公開する予定とのこと。

Starting in the fall, the company will allow companies to download its Secure Development Lifecycle (SDL) Optimization Model, which allows organizations to gauge the completeness and maturity of their own software development programs as well as identify gaps in their practices, Steve Lipner, senior director of security engineering strategy at Microsoft, said in an interview transcript posted by company online. Microsoft will also kick off a one-year pilot of its SDL Pro Network, which allows consultants to get certified for their knowledge and experience in implementing SDL concepts. Finally, the software giant also plans to release a threat modeling tool based on the Secure Development Lifecycle.

http://www.securityfocus.com/brief/820?ref=rss