About Us
Adam Shostack
Senior Program Manager, Security Development Lifecycle Team
Adam Shostack is senior program manager in Microsoft Corp.’s Trustworthy Computing Group. As a member of Microsoft's Security Development Lifecycle team, he is responsible for security design analysis techniques, including the company’s threat modeling methodologies. Adam helped create the Common Vulnerabilities and Exposures (CVE) list, and now serves as the Emeritus Advisor of the group. He is also a founding member of both the International Financial Cryptography Association (IFCA) and the Privacy Enhancing Technologies Symposium. Adam has published articles in a variety of industry and academic venues, and is also co-author of the widely acclaimed book, The New School of Information Security (Addison-Wesley, April 2008).
Bryan Sullivan
Senior Security Program Manager, Security Development Lifecycle Team
Bryan joined Microsoft as a security program manager on the Security Development Lifecycle (SDL) team in January 2008. He is responsible for addressing web application security issues in the SDL, not only by adding new SDL requirements to address new vulnerabilities, but also by changing the way the SDL itself is applied for rapid, agile web development environments. Bryan is a frequent speaker at security industry events, including Black Hat, BlueHat, and RSA Conference. He is also a published author on web application security topics. His first book, Ajax Security, was published by Addison-Wesley in 2007.
David Ladd
Principal Security Program Manager, Security Development Lifecycle Team
David Ladd is principal security program manager in Microsoft Corp.’s Trustworthy Computing (TwC) Group. As a member of Microsoft's Security Development Lifecycle (SDL) team, he is responsible for evangelizing the security development processes, tools and training of Microsoft’s SDL with the developer community. Additionally, he manages proactive security relationships with SDL partners, including independent software vendors, Web service providers and original equipment manufacturers. David is the co-founder of the Trustworthy Computing Academic Advisory Board, a group created to expand the interactions among Microsoft and the academic security and privacy research communities. He serves on a number of external advisory boards and committees and is an associate editor of IEEE Security and Privacy Magazine.
Jeremy Dallman
Security Program Manager, Security Development Lifecycle Team
Jeremy Dallman has been at Microsoft since 2002 in a variety of security roles, ranging from Windows Security for XP SP2 and early work on Vista to a variety of security hats in Internet Explorer, including security response, the IE7 security lifecycle, and IE8 security requirements, planning and feature design. His current role in the Security Engineering and Communications group is focused on extending Microsoft’s internal Security Development Lifecycle (SDL) processes beyond the company.
Katie Moussouris
Senior Security Program Manager, Security Development Lifecycle Team
Katie Moussouris is a Senior Security Program Manager in the Security Development Lifecycle (SDL) team, working to bring Microsoft’s SDL to third-party software vendors in order to improve the security of the Internet as a whole. Katie’s professional background is application security, having come from Symantec by way of the @stake acquisition. Katie founded the Microsoft Vulnerability Research Program (MSVR), extending the focus of Microsoft’s security vulnerability research to third-party software. Katie also founded and ran the Symantec Vulnerability Research Program, the first program of its kind in Symantec's history to allow the publication through Responsible Disclosure of original vulnerability advisories discovered by Symantec researchers. In addition to performing security research, Katie has been an application penetration tester for Fortune 500 companies across numerous industries. She has uncovered serious vulnerabilities during the course of her work before they could be widely exploited by hooligans and criminals for either fun or profit, respectively.
Michael Howard
Principal Security Program Manager, Security Development Lifecycle Team
Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Security team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Michael is an architect of the Security Development Lifecycle (SDL), a process for improving the security of Microsoft’s software, and is the co-author of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle and his most recent release, Writing Secure Code for Windows Vista.
Michael Weiss
Senior Program Manager, Security Development Lifecycle Team
Michael Weiss is senior program manager in Microsoft Corp.’s Trustworthy Computing Group. As a member of Microsoft’s Security Development Lifecycle team, he is responsible for improving the overall Windows ecosystem via proactive security relationships with original equipment manufacturers. He joined Microsoft in 1993, and has filled several security roles, covering online services, electronic billing and payments, and the SDL implementation in Windows Vista and Windows 7.
Steve Lipner
Senior Director of Security Engineering Strategy
Steve Lipner is senior director of Security Engineering Strategy at Microsoft Corp. Steve leads Microsoft’s Security Development Lifecycle (SDL) team and is responsible for the definition of Microsoft’s SDL and for programs to make the SDL available to organizations beyond Microsoft. He’s also responsible for Microsoft’s corporate strategies related to government security evaluation of Microsoft products. Steve has more than 35 years of experience in IT security and is coauthor with Michael Howard of The Security Development Lifecycle (Microsoft Press, 2006). Steve is named as inventor on twelve U.S. patents in the field of computer and network security.