A few more words about the SDL and Creative Commons…

We’ve been asked if commercial enterprises can use the SDL documentation that we recently released under a Creative Commons license. It seems that there is some confusion within the IT community regarding our use of a CC license that stipulates non-commercial terms.  The purpose of this post is to clarify our intent in releasing the SDL materials under a Creative Commons license and to define acceptable uses of these materials.

All organizations, including for-profit enterprises, may copy, distribute and transmit any SDL content we release under the Attribution, Non-Commercial, Share Alike (cc by-nc-sa) terms.  This means that businesses are free to incorporate the SDL content we release under this Creative Commons license into their internal process documentation and development methodologies and to use the SDL content to advance the development of secure software, provided the terms of the license are followed. Microsoft released the SDL content under this Creative Commons license to enable individuals, organizations and businesses to incorporate security and privacy into software development practices.  Microsoft, however, does not extend this license grant to organizations or individuals whose primary purpose is to generate revenue by reselling the SDL content. 

Our intent here is to make it easier for all organizations to incorporate security and privacy into their development practices. When many businesses incorporate security and privacy into their development lifecycles, the result is more secure software, which reduces risk for the entire computing ecosystem.

If you have questions about commercial uses of the SDL content, please feel free to post your question on the Microsoft SDL forums – we’d be happy to help.

About the Author
Dave Ladd

Principal Security Group Program Manager