The three SDL tools being updated are Threat Modeling, MiniGuzz, and RegExFuzz.
For Threat Modeling tool v.3.1.8, which is used in the SDL design phase to find security problems before coding begins, Microsoft stabilized the Visio 2010 and Team Foundation Server (TFS) 2010 support and fixed bugs that were discovered in the beta release.
For MiniFuzz tool v1.5.5, which provides basic file fuzzing capabilities that can be applied by developers and testers as part of the SDL verification phase, the company included support for the TFS 2010, fixed stability bugs, and made it easier to control target application shutdown.
And for RegExFuzz tool v.1.1.0, which provides regular expression fuzzing capabilities that can be applied during the SDL verification phase to check that regular expression evaluation times are not exponential, Microsoft fixed vulnerabilites found in the field.
“As the threat landscape continues to evolve, we remain committed to freely sharing our secure engineering best practices and security tools with the broader community. We hope you find our tools useful and, as always, we welcome any comments or feedback you may have”, wrote Monty LaRue, a member of Microsoft’s SDL Team.