
Distinguished Seminar: Building a Software Security Program - Effective Risk Management for IT Security

Date: February 15, 2016
Talk Title: Building a Software Security Program - Effective Risk Management for IT Security
Speaker: Steve Lipner, former Partner Director of Software Security, Microsoft
Time & Location: 12:00pm - 1:00pm
DEC, CIC Building, Pittsburgh

Abstract

The growing frequency and severity of cybersecurity incidents have led government and private sector organizations to seek better ways to protect their systems and information. Many of these organizations have begun by adopting risk management frameworks as a way of structuring their approach to security. But risk management is only effective if it is informed by a deep understanding of attacks and the ways to defend against them. The history and structure of successful software security programs show how technical understanding can be integrated into risk management decisions. This talk will summarize the history of a typical software security program and outline principles by which understanding of attacks and defenses, combined with continuous improvement, leads to effective risk management.

Speaker Bio

Steven B. Lipner is the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). The SDL was the first scalable and effective approach to achieving security assurance for large-scale software systems and has been applied by Microsoft and numerous other development organizations.

Early in his career, Mr. Lipner made contributions that helped set the direction of computer security research. He originated the approach of using a Virtual Machine Monitor to achieve multilevel security, and managed the team that developed the fundamental model for multilevel security and the first security kernel that implemented that model. He was a key industry contributor to the “Orange Book” that guided government evaluations of commercial operating system security.

Mr. Lipner is a member of the National Cybersecurity Hall of Fame (Class of 2015). His CV is available at http://www.stevelipner.org.