S4 Keynote - Steve Lipner of Microsoft
I’m very pleased to announce that Steve Lipner, Microsoft’s Senior Director of Security Engineering Strategy in Trustworthy Computing, is the Day One Keynote at our SCADA Security Scientific Symposium (S4). All physical attendees will also receive a copy of his book, The Security Development Lifecycle. See the full agenda and register.
Steve’s keynote is titled Lessons Learned While Building Secure Software. After the worms did their damage in 2001/2002, Microsoft got serious about integrating security into the software development process. Steve was a leader at Microsoft in this effort. In his keynote Steve will talk about the different security activities in the lifecycle, including things like secure design, coding standards, threat modeling, development tools, fuzzing and a security push. Steve will cover the techniques Microsoft uses and, importantly, will show with some hard data the improvement in identifying and correcting bugs prior to shipment.
I know the knee-jerk reaction to Microsoft is not to think security, but most control system vendors are where Microsoft was back in 2002, or worse, with little if any security in the development lifecycle. The control systems have just not been exposed to the myriad of threat agents. If you doubt this, remember how many people warn you not to send even trivial data to a control system application. Microsoft has been a real leader over the past five years in improving software security and is very open about the tools and techniques they have used.
I recently reread Steve and Michael Howard’s book, The Security Development Lifecycle, and for some reason I saw the light this time. The community needs a huge push in secure software development, and who better than Steve to tell us how to get started? After you hear his talk and read the book, you will go back to your vendors and ask for details on their integration of security into the development lifecycle.
Mini Bio: Steve Lipner is responsible for the definition and updating of the Security Development Lifecycle process that Microsoft applies to improve the security and privacy of its products. He is also responsible for Microsoft’s policies and strategies for the security evaluation of its products, and for the development of other programs to provide improved product security to Microsoft customers.
Author: Dale Peterson
Posted: December 3rd, 2007 under Development Tools, S4.
Comments: 1
Comments
Comment from Ralph Langner
Time: December 6, 2007, 5:10 pm
“After the worms did their damage in 2001/2002, Microsoft got serious about integrating security into the software development process.” — Well, that’s not exactly what you would call a proactive approach to security. Anyway, I think it’s a good pick for the keynote speaker, even if it’s hard to compete against Whitfield Diffie, who did a brilliant keynote this year. After all, we can still toast Steve if he comes up with marketing talk. But I’m certain he won’t…