Posted by: Steve Lipner, Partner Director of Program Management, Trustworthy Computing
This morning, I am sitting at the inaugural Security Development Conference 2012 in Washington DC listening to people from a diverse set of companies, government agencies and academic institutions sharing their own experiences with adopting a Security Development Lifecycle (SDL) process or learning how to accelerate adoption within their own organizations. As I watched the keynotes and sessions yesterday and see Scott Charney step onto the stage today, I am reminded of the early days at Microsoft when our customers were faced with security threats that challenged their trust in our products and services. Creating the SDL was an important step in combating these threats and to this day the SDL continues to help reduce the number and severity of vulnerabilities found in Microsoft’s products.
To see more and more private and public organizations recognize the value and importance of implementing secure development practices makes me cautiously optimistic that in the future software will be more secure than the software we’ve seen in the past. I remember when in 1997 I attended the RSA Security Conference held in the basement of the Mark Hopkins Hotel in San Francisco with a few hundred attendees. Today, the annual RSA Conference is a major industry event with more than 10,000 attendees. I’m not certain that the Security Development Conference will follow that sort of trajectory, but I do believe that secure development is of growing importance, and I also know that industry commitment can start small and grow.
As part of the conference we are announcing two new success stories in the critical infrastructure space that document adoption of the SDL beyond traditional application providers. The Government of India and Itron have both integrated the SDL into their processes and today we are sharing their stories through two newly-published case studies:
These examples represent positive momentum in the public sector and critical infrastructures and demonstrate some of the great advancements the security community is making toward creating safer and more trusted computing experiences for everyone. We hope the Security Development Conference 2012 will lead to more great stories like these in the coming year.
Together as an industry, we have a responsibility to deliver safer and more secure technologies that are trustworthy. If your organization is considering the adoption of an SDL process, visit the Microsoft SDL website where you can download free resources and tools. We have also established a network of consultants that can help you with your implementation. For more information on Microsoft’s SDL, please check out our website at www.microsoft.com/sdl.