Microsoft released this week an upgrade to a tool that helps secure applications for the Internet without having to recode them.

Looking to broaden access to its security practices for software development, Microsoft plans to shift the licensing for its Security Development Lifecycle (SDL) documentation to the more accessible Creative Commons License, the company said on Thursday.

SDL is Microsoft’s blueprint for incorporating security into applications. It has been available under an exclusive Microsoft license.

Acknowledging a reported hacking of its new Android Market licensing server, Google maintained this week that the licensing service represents a “significant step forward in terms of protection.”

Adobe will employ a new sandboxing technology in the next version of its oft-targeted Reader in the name of hardening security. However, the effort won’t make Reader more secure in the long run — and likely not even in the short run. I’m a big believer that the best predictor of future behavior is past behavior, and if you look at the two-decade history of security sandboxes, you’ll see they all eventually failed big.

Code quality and security analyses are being united through the integration of products from Coverity and Armorize Technologies, the companies are announcing on Tuesday.

The integration will link Coverity Static Analysis, for code analysis, with Armorize CodeSecure, for security analysis. Integrations will be featured in upgrades of the two products planned for the end of this calendar year.

Apple has responded to press inquiries about the hacking of iTunes user accounts and fraudulent purchases made through its App Store, but the company has yet to come clean about the extent of the incident or the pressing questions it raises about the securi

Honing in on the need for more security in application development, IBM Rational is planning an enterprise-level  product that features two separately acquired technologies for security testing and code scanning.

A loose consortium of security experts from more than 30 organizations today called on enterprises to exert more pressure on their software vendors to ensure that they use secure code development practices.