In my two previous articles recapping the Security Development Conference 2012, I shared some insights from Richard Clarke’s keynote and General Michael V. Hayden’s keynote. The final keynote of the conference was delivered by Scott Charney, Corporate Vice President, Trustworthy Computing at Microsoft. Scott’s keynote focused on the journey that started ten years ago when Trustworthy Computing was initiated at Microsoft. Scott talked about many of the challenges we faced at Microsoft in the early days of Trustworthy Computing. Scott also spoke about Microsoft’s security strategy, referred to as “Establishing End to End Trust,” and how it reflects many of the things we have learned about security over the years.
I sat down with Scott to discuss his keynote and asked him about the importance of the SDL to Microsoft’s security efforts over the past ten years. Scott told me, “What we have recognized over time is that we need secure hardware, secure software and applications, we need to know the authenticity of data and we need good identity management. But none of that matters unless you build it on a solid foundation. A solid foundation means that you have operating systems and applications that have been coded well where good threat models are built and you build code to resist the kind of attacks it will see when it is actually deployed. We call the Security Development Lifecycle one of the core fundamentals for everything we do.”
You can watch the full discussion using the link to the video below.