Hi everyone, if you’re headed to RSA next week be sure to check out these sessions featuring SDL team members:


AND-202: Microsoft SDL Tools: Automating the Security Development Lifecycle


Wednesday, March 3, 9:10 AM


Katie Moussouris and Bryan Sullivan


(A preview of this session is available as a podcast at


EXP-202: Picking a Yardstick to Measure Your Software Security Practices


Wednesday, March 3, 9:10 AM


David Ladd, Eric Baize (EMC), Gary McGraw (Cigital), Richard Pethia (Carnegie Mellon University)


HOT-203: Responsible Disclosure: It’s Their Fault!


Wednesday, March 3, 10:40 AM


Katie Moussouris, Martin McKeay (Network Security Blog), Brad Arkin (Adobe Systems), Tim Stanley (Continental Airlines), Steve Dispensa (PhoneFactor), Michael Barrett (PayPal), HD Moore (The Metasploit Project)


(A preview of Katie Moussouris speaking on the topic of Responsible Disclosure can be found at


AND-304: Threat Modeling: Lessons Learned & Practical Ways to Improve Your Software


Thursday, March 4, 1:00 PM


Adam Shostack and Danny Dhillon (EMC)


About the Author
SDL Team

Trustworthy Computing, Microsoft