SDL Breakfast Seminar in Bellevue on May 13

Interactive Seminar - The Microsoft Security Development Lifecycle (SDL)

Paving the Way for Secure Software Development

Overview
A well-defined, repeatable software development process inhibits the emergence of software vulnerabilities, reduces business risk and plays a key role in compliance and governance efforts. To support this effort, organizations need a prescriptive and flexible methodology that they can adopt quickly and with minimal disruption to their existing development process.

The Microsoft SDL is an industry-leading software security assurance process that provides guidance and tools that help embed security into your organization’s software and culture. It is rapidly proving its merit within the security industry and evolving into an unofficial, yet powerful standard for secure software development. Because the SDL is highly prescriptive, it can be easily adopted regardless of what underlying technologies or platforms your organization develops or operates on.

This interactive seminar features various software security practitioners and executives who will discuss the state of secure software development, best practices for SDL adoption, SDL tools and lessons learned.

Where: Sheraton Bellevue
When: Thursday, May 13^th from 8:45 – 12:00

Agenda & Speakers

8:45 – 9:15 Breakfast and Networking

9:15 – 9:30 Opening Remarks: State of Software Security – an Executive Perspective
Edward Adams • CEO • Security Innovation

Ed Adams, a seasoned software executive in the security and quality assurance industries, will offer his thoughts on the challenges of securing software and the mistakes organizations tend to make while adopting a secure development lifecycle. Topics include:

· Software Security Maturity Model – integrating knowledge,
technology & process

· Secure software development and compliance

· Personal experiences with the Microsoft SDL

o Customer Case Study: Sony Europe

o Value in industry standard for secure development

o Why it is poised to become a widely adopted framework

9:30 – 10:15 Microsoft SDL Tools: Automating the Security Development Lifecycle
Bryan Sullivan • SDL Security Program Manager • Microsoft

Tools are an integral piece of any successful security program, especially Microsoft’s SDL. The SDL requires the use of tools not only to find vulnerabilities, but also to track them and prevent them from occurring in the first place. In this session, we will demonstrate some of the new SDL tools Microsoft has released over the last year and explore the SDL strategy for developing future game-changing security automation technology. Specific topics include:

· Microsoft SDL overview (drivers, success)

· Microsoft SDL Tools: Automating the Security Development Lifecycle

o Threat Modeling

o Visual Studio Process Template

o Etc.

10:15 - 10:30 Open Discussion/Break

10:30 - 11:15 Rolling Out Secure Development Practices to Dispersed Teams

Cassio Goldschmidt • Sr. Manager, Product Security • Symantec Corporation

As a Senior Manager of Development, Cassio will share his experience rolling out secure development practices to multiple and geographically dispersed development teams - with different levels of expertise, tools, etc. Topics include:

· Security improvements with a repeatable development process

· Lessons learned and best practices for successful SDL implementation

11:15 - 12:00 360⁰ Perspective of the SDL:
Thoughts from a CTO, Consultant & Microsoft Security Manager

Jason Taylor • CTO • Security Innovation

Prior to joining Security Innovation, Mr. Taylor served as test architect, security lead and development manager at Microsoft and helped build early stages of security response process as described in the SDL. He will share his thoughts on the evolution of the SDL within Microsoft itself, and how he applies the security activities prescribed in the SDL on both customer service engagements and on Security Innovation’s internal software development efforts. Topics include:

· SDL Design Phase – reducing vulnerabilities before code is written

· How we’ve helped our customers adopt SDL activities and tools

· Training and the MS SDL

o key skills needed to maximize SDL security activities and tools

o SDL: the genesis of Security Innovation’s eKnowledge products

12:00-12:15 Closing Discussion