Security Development Conference 2012: Evolving from Principles to Practices

Today, I am excited to announce the inaugural Security Development Conference will be held in Washington D.C. on May 15-16.  This event will bring together business decision makers, security engineers, managers of software security processes, and security policy makers from companies, government agencies and academia. Attendees will learn from security experts and build professional networks that accelerate adoption of holistic and proactive security development practices.

Ten years ago, Microsoft announced the creation of Trustworthy Computing. Since then, the Security Development Lifecycle (SDL) processes and tools we implemented at Microsoft and shared publicly have been studied and applied by both software vendors and other organizations that build a variety of hardware and software.  Today, security professionals who previously asked “why should I implement the SDL” are asking “how do I implement the SDL within my organization?” Technical decision makers, business decision makers and governments are becoming increasingly aware that present-day operational security protections and regulatory compliance are not sufficient to protect the applications and infrastructures that people rely on every day. The increased demand for a more holistic and prescriptive secure development methodology has evolved into a growing community of practitioners well beyond Microsoft.

The Security Development Conference will bring together members from that community. We believe that practitioners in the evolving SDL ecosystem can share a lot with organizations that are in different stages of adopting secure development practices. This event will bring together security experts from a variety of companies, professional SDL services organizations, and government policy makers to learn from each other and build professional networks that will evolve security principles into effective practices.

Trustworthy Computing Corporate Vice President Scott Charney will kick off the conference with a keynote on Tuesday, May 15, followed by a keynote on day-two by Richard A. Clarke – Chairman, Good Harbor Consulting, LLC and former National Coordinator for Security and Counterterrorism and Special Advisor to the President of the United States for Cyber Security.

The conference will include three session tracks informing the three most important roles in any SDL practice: Security Engineering, Business and SDL, and Managing the Process. The sessions for each of these tracks will focus on practical application of security practices and explore the most common questions organizations are asking as they pursue adoption of their own secure development practices and tools.

We encourage you to visit the Security Development Conference 2012 website to learn more, spread the word and join us at the event on May 15-16, 2012.

About the Author
Matt Thomlinson

Vice President, Microsoft Security

Matt Thomlinson is Vice President of Security at Microsoft and leads the Microsoft Security Engineering Center (MSEC), the Microsoft Security Response Center (MSRC) and Global Security Strategy & Diplomacy (GSSD) and internal Network Security (NetSec). His teams are responsible for Read more »