About The Security Development Lifecycle

About The Security Development Lifecycle


Arjuna Shunn
Principal Security Program Manager | Security Development Lifecycle Team

Arjuna Shunn is principal security program manager in the Microsoft Corp.'s Trustworthy Computing (TwC) Group. He is a cyber-security professional with extensive experience across a wide range of cyber-security practices, industry verticals, regulatory regimes and environments, focusing on development lifecycle security, regulatory guidance and cyber-security training. Arjuna currently manages the SDL Pro Network pilot program and helps evangelize SDL adoption across the software development ecosystem.

Douglas Cavit
Security Development Lifecycle Team

Douglas Cavit helps protect and secure global critical information infrastructure through technology innovation and collaborative efforts with others in industry and government. Specifically, he drives forward the SDL process as a methodology to improve development and implementation of technology in critical infrastructures working with employees, partners, customers, and governments. Douglas has over 25 years of experience in the technology arena and is widely recognized as an industry thought leader on application security, privacy and cloud computing serving on numerous boards and advisory groups. Before joining Microsoft, Douglas was CIO of McAfee for 8 years and is a published author on technology innovation.

Michael Howard
PPrincipal Security Program Manager | Security Development Lifecycle Team

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Security team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Michael is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsoft’s software, and is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle and his most recent release, Writing Secure Code for Windows Vista.

Monty LaRue
Senior Security Program Manager | Security Development Lifecycle Team

Monty LaRue is a senior security program manager in Microsoft’s Trustworthy Computing (TwC) Group. He joined TwC in early 2011, but has worked with Microsoft since 2003 as a developer and program manager in the Windows, Automotive, Surface Computing, and Xbox product teams. He is currently part of the SDL team with responsibilities to address application security issues via the SDL by managing the SDL requirements and determining how the SDL is applied to the various software development processes. Monty’s focus is on SDL as it applies to web technologies and “agile” development environments as well as contributing to the security tools strategy within Microsoft and outward into the external developer community.

Steve Lipner
Senior Director of Security Engineering Strategy

Steve Lipner is senior director of Security Engineering Strategy at Microsoft Corp. Steve leads Microsoft’s Security Development Lifecycle (SDL) team and is responsible for the definition of Microsoft’s SDL and for programs to make the SDL available to organizations beyond Microsoft. He’s also responsible for Microsoft’s corporate strategies related to government security evaluation of Microsoft products. Steve has more than 35 years experience in IT security and is coauthor with Michael Howard of The Security Development Lifecycle (Microsoft Press, 2006). Steve is named as inventor on twelve U.S. patents in the field of computer and network security.