Microsoft Secure

The time is now. Security Development Must be a Priority for Everyone

Today marks the first day of the Security Development Conference 2013.  Security professionals from companies, government agencies and academic institutions have traveled from all over the world to learn, network and share proven security development practices that can reduce an organization’s risk. As I sit here waiting for Scott Charney to take the stage, I...


Microsoft SDL Conforms to ISO/IEC 27034-1:2011

Steve Lipner here. This morning Scott Charney announced in his keynote at the Security Development Conference that the Microsoft Security Development Lifecycle (SDL) meets or exceeds the guidance published in ISO/IEC 27034-1. The full text from this announcement was as follows: Microsoft has used a risk based approach to guide software security investments through a...


Registration Now Live! Security Development Conference 2013

Registration is now live for the Security Development Conference 2013, hosted in San Francisco, CA on May 14 – 15, 2013.  If you register today you’ll save 50% off the normal registration fee. This year’s conference will include keynote speakers Edna M. Conway, Chief Security Strategist, Cisco Systems Inc.; Brad Arkin, senior director, Security, Adobe...


Software Assurance: How can you tell?

We’ve posted before on the work of SAFECode, a non-profit organization of software vendors who seek to share their approaches to improving the security and assurance of software.  In a pair of recent blog posts on the SAFECode blog, Eric Baize of EMC and I discuss effective ways for software acquirers to tell that their...


The Microsoft Security Development Lifecycle Extends Beyond Applications to Critical Infrastructure

This morning, I am sitting at the inaugural Security Development Conference 2012 in Washington DC listening to people from a diverse set of companies, government agencies and academic institutions sharing their own experiences with adopting a Security Development Lifecycle (SDL) process or learning how to accelerate adoption within their own organizations. As I watched the...


Evolving Secure Code at Microsoft and Beyond

Steve Lipner here… Over the past few weeks, Microsoft has been reflecting on the ten year anniversary of the Trustworthy Computing initiative; thinking about the things that have led us to this point in our history and speculating about the future. Obviously a big part of our work has been the creation and evolution of...


Trustworthy Computing’s 10 Year Milestone – Reflecting on Humble Beginnings

January marks the ten year milestone of Bill Gates’ memo on Trustworthy Computing.  When I think about “where was I when…” the email hit my inbox, several memories come to mind that I thought I’d share.  Back then I was the Director of Security Assurance, a position that encompassed both the Microsoft Security Response Center...


Welcoming Siemens to SAFECode

We’ve talked before on this blog about SAFECode – an organization of IT vendors who have come together to share and document best practices in software security. SAFECode has published a number of papers on best practices in software and supply chain security – most recently an update to “Fundamental Practices for Secure Software Development”...


Meet us at Black Hat to brainstorm the future of security

Steve Lipner here. Next Tuesday evening (July 27), SAFECode will be sponsoring a brainstorming panel at Black Hat that’s aimed at gathering security community input on vision and approaches for improving software assurance over the next 10 years. SAFECode members all have established software assurance programs, but we all believe it’s important to seek new...
