In a blog posting August 26, Microsoft announced that it is revising the licensing terms of its Security Development Lifecycle, moving parts of it to a Creative Commons license.
The Security Development Lifecycle is a methodology developed by Microsoft that incorporates best security practices at every level of the development lifecycle when security is important--such as in secure business environments or where personally identifiable information is vital.
The methodology includes a set of documentation explaining the process and how to follow it, as well as a set of software tools to help with software development. But there's always been a catch: While Microsoft certainly wanted organizations to use this methodology, companies weren't allowed to create their own internal documentation based on the methodology's documentation without express written consent from Microsoft (even if the documentation would be internal to the company).
That certainly seems a little silly; every large company creating software creates its own internal documentation, and such documentation often includes their own adaptation of a particular software development methodology. So if a company uses the Microsoft SDL, most likely they would produce their own documentation based on the existing SDL documentation. But up until now that was technically illegal.
Fortunately, Microsoft realized how absurd that was, and today announced that they have modified the license. While the tools are still proprietary, the documentation itself now has a Creative Commons license. The short story is now that companies that based their own internal processes on this existing documentation are no longer breaking the law. And other companies--the ones that might have shied away from adopting the methodology because they couldn't really do much with it besides read the documentation--can now implement it into their own documentation and actually use it.
Here's the exact text from the blog posting:
By changing the license terms, we are now allowing people and organizations to copy, distribute and transmit the documentation to others; this means that you can now incorporate content from the SDL documents we release under Creative Commons into your internal process documentation – subject to the terms specified by the Creative Commons license mentioned above.