Hoping that it will attract more developers Microsoft has started to put most of their Security Development Lifecycle (SDL) under a Creative Common License. This is probably a good move., but the tooling will be kept under a Microsoft license. And the tooling is still the largest problem SDL has. The tooling is still quite unusable, but there aren't good free alternatives around. If the tooling improves, adopting SDL will be easier and more companies will be adopting SDL.