Over the past few weeks, I have provided a recap of the Security Development Conference 2012 in a series of articles. These articles include video interviews with Richard A. Clarke, former Special Advisor to the President for Cyber Security, General Michael V. Hayden former Director, U.S. Central Intelligence Agency and U.S. National Security Agency and Scott Charney, Corporate Vice President of Trustworthy Computing, Microsoft. In this final post of the series I thought it would be appropriate to conclude by focusing on the attendees and some of the organizations they represented – sharing some of their perspectives on the conference and a compilation of interviews with some of these folks.
While at the conference I had the opportunity to meet with a number of attendees and hear their perspectives on secure development and the importance of a security development conference to them and their organizations. Some of the organizations we chatted with include Adobe, Cisco, BlackBerry, and others. What I learned from those conversations is that many people in the industry are seeking knowledge on secure development practices. They are in various stages of implementation and are eager to learn from other organizations’ experiences. It was encouraging to see how many organizations at the conference were embracing secure development, but it also reminded me how new the concept is to many in the industry and why sharing the SDL continues to be important for Trustworthy Computing.
I will let some of the attendees speak for themselves in the video below which includes a compilation of interviews from various organizations around the world that attended the event. These organizations have shared their perspectives on secure development and its importance to the industry.
Excerpts from the video:
“Even understanding that there are a lot of companies and government organizations that are moving to adopt development practices helps to encourage folks, helps them to understand how to succeed.” – Steve Lipner, Partner Director of Program Management, Trustworthy Computing, Microsoft
“The Security Development Conference is a chance for people to compare notes. People in the software development companies and people in the critical infrastructures can meet to compare notes about how the SDL process works in their company.” – Richard Clarke, Chairman, Good Harbor Consulting, LLC & Former Special Advisor to the President for Cyber Security
“Bringing in Michael Hayden I thought was particularly interesting…Openly discussing what he sees as the new threats, new ways we’ll deal with it and really intersecting that with the politics of this, which we can’t under estimate.” – Caleb Barlow, Director, Application, Data, Mobile Security, IBM
“Everyone has the same problems but security is one of those things people don’t like to talk about…Taking a venue like this where we are all stuck in the same life raft that it opens people up a little bit and we’re not quite as afraid to discuss with one another some of the challenges we have and problems we see.” – Josh Bressers, Software Engineer, Red Hat
I want to thank you for following this series and encourage you to check out the Microsoft Security Development Lifecycle website for more free information on secure development best practices, case studies and tools.