Abstract: The Microsoft Security Development Lifecycle is the industry leading software security assurance process. Since 2004 the SDL has been a mandatory policy within Microsoft and has proven to be an effective tool in embedding security and privacy into Microsoft software and culture. Given by a member of the team that helped make the SDL a reality, the talk will cover "the what", "the why" and "the how" of the Security Development Lifecycle.
Bio: Ivan Medvedev graduated from the Moscow State University and since 1999 has been working on various security technologies at Microsoft. Ivan has been a part of the group that is home to the SDL, MSRC and Secure Windows Initiative for four and a half years and currently leads a team of developers building internal security tools that help support the SDL process within the company.