Technorati Tags: SDL HIPAA compliance security rule Microsoft EHR development integration healthcare software HIT HITECH HIPPA Jeremy Dallman here to talk about aligning SDL practices with Health Insurance Portability and Accountability Act (HIPAA) regulatory...

Adam Shostack here.  One of the really exciting things about being in the Microsoft Security Engineering Center is all of the amazing collaborators we have around the company.  People are always working to make security engineering easier and...

Arjuna Shunn here to talk with you about the importance and value of software security training when implementing the Microsoft SDL . Product and application development too often only focuses on finding security issues late in the development lifecycle...

Dave again! We’ve been asked if commercial enterprises can use the SDL documentation that we recently released under a Creative Commons license. It seems that there is some confusion within the IT community regarding our use of a CC license that...

Adam Shostack here. I've been working on an SDL requirement since a few weeks after I joined the company.  For this blog post, what it is matters less than how we've gotten here, and for where we are, I must thank and blame Steve Lipner.  It...

Hi, Michael here, Over the last few weeks, Matt Miller, Matt Thomlinson, John Lambert and I worked on a paper that describes the various buffer overrun defenses we offer in Windows Vista and later and Windows Server 2008 and later. I’d...

Hello All, Dave again... In addition to the Attack Surface Analyzer release at Blackhat DC, we have a variety of other releases to announce. First, we are releasing the next version of the Microsoft SDL Threat Modeling Tool, as a beta. Consistent...

[update 3/22/10: The Excel spreadsheet referenced in this post is now available for download: http://go.microsoft.com/?linkid=9764798 ] Hey everyone, Jeremy Dallman here with a new way to sort and view the SDL practices and implementation guidance...

Jeremy Dallman here to introduce our second paper aligning SDL practices with compliance activities. Last year we released the SDL and HIPAA whitepaper . This time, we chose the Payment Card Industry Data Security Standards (PCI DSS) and Payment Application...

Hi, Michael here. A couple weeks back we released a beta version of the Attack Surface Analyzer tool . Hopefully, you’ve downloaded and looked at it by now! This tool is one of many tools we use as part of the SDL to help software developers make their...

Doug Cavit here to talk about a presentation I’m giving at the RSA Conference featuring findings from a Forrester Consulting thought leadership paper we recently released. We’re often asked, “What is the real return on investment...

Arjuna Shunn here. Our friends over on the security blog have done up a series of posts about SDL and compliance which are worth reading. Using data from numerous sources, ranging from our SDL and HIPAA whitepaper, our SDL and PCI DSS/PA-DSS whitepaper...

Registration is now live for the Security Development Conference 2013, hosted in San Francisco, CA on May 14 – 15, 2013.  If you register today you’ll save 50% off the normal registration fee.

This year’s conference will include keynote speakers Edna M. Conway, Chief Security Strategist, Cisco Systems Inc.; Brad Arkin, senior director, Security, Adobe products and services; and Scott Charney, corporate vice president, Trustworthy Computing, Microsoft Corp.    Event tracks will include: Engineering for Secure Data, Security Development Lifecycle & Data Security, and Business Risk & Data Security. Track sessions will cover the latest in proven security development techniques that help reduce risk and protect organizations in the ever-changing technology landscape.

The Security Development Conference brings together IT security professionals to network, learn and discuss secure development best practices. Attendees from around the world will hear from leading security experts, build their professional networks, and learn how to implement or accelerate adoption of secure development practices within their own organizations. 

For more information, I encourage you to check out the website at www.securitydevelopmentconference.com.

Steve Lipner
Partner Director of Program Management
Microsoft Trustworthy Computing

 

...

Join us for the second annual Security Development Conference in San Francisco, May 14-15, 2013 . Learn about proven security development practices through interactions with peers, industry luminaries and other organizations. Sessions will cover the latest...

In less than two weeks, the world’s best and brightest security professionals will converge on the InterContinental Hotel San Francisco, CA for the second annual Security Development Conference! Don’t miss this opportunity to hear from industry...

Steve Lipner here. This morning Scott Charney announced in his keynote at the Security Development Conference that the Microsoft Security Development Lifecycle (SDL) meets or exceeds the guidance published in ISO/IEC 27034-1. The full text from this announcement...

Steve Lipner here… Over the past few weeks, Microsoft has been reflecting on the ten year anniversary of the Trustworthy Computing initiative; thinking about the things that have led us to this point in our history and speculating about the...

Jeremy Dallman here to introduce four new companies that have joined our SDL Pro Network . Today, Accuvant Labs , Conviso Application Security , Lockheed Martin , and Verizon Business EMEA joined this network of security consultants, training companies...

Hello all - Dave here... Tim Burrell of the TwC Security Science team presents the fifth blog installment describing /sdl: functionality in Visual Studio 11. --------------------------------------------------------------------------------------...

Previously, we blogged about “ Adding Usable Security to the SDL .” Feedback as we hand out the cards at a variety of conferences has been amazingly positive. We wanted to make it easier for folks outside of Microsoft to take advantage of...

Planning is underway for the Security Development Conference (SDC) 2013 , scheduled to take place in San Francisco, CA on May 14 and 15 2013. There will be four tracks for SDC 2013 – Engineering for Secure Data, Advanced Engineering for Secure Data...

Hello all - Dave here. Tim Burrell and Thomas Garnier of the TwC Security Science team present the sixth and last blog installment describing more /sdl functionality in Visual Studio 2012 RC. Please note that there will be an MSDN webcast discussing...

Doug Cavit here, blogging from the Security Development Conference 2012 in Washington, D.C. I am excited to announce a new set of important SDL Chronicles case studies detailing the efforts of two organizations to enhance their overall security posture...