
The Future of Cyber: Secure Coding

June 2020 Podcast
Steve Lipner, Roberta (Bobbie) Stempfley

Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security at Microsoft.

“Start from how people attack systems and then take that class of attack and frustrate it. Take another class of attack and frustrate it. Take another class of attack and frustrate it. Somebody comes up with a new class of attack—you’d rather they didn’t—that’s OK, understand it. Frustrate it. Best case, your good guys, the red team that works for you, comes up with a class of attack, and you frustrate it and nobody ever knows it was there.”

Publisher: Software Engineering Institute


Abstract

For more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and the dependence of national capabilities on the cyber domain. These challenges demand that we think about how to achieve the future we need, which is the subject of a new series of podcasts, The Future of Cyber. In this episode, Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security at Microsoft, where he created Microsoft’s Security Development Lifecycle.

About the Speaker

Steve Lipner


Steven B. Lipner is a pioneer in cybersecurity with almost 50 years’ experience as a general manager, engineering manager, and researcher. He retired in 2015 from Microsoft where he was the creator and long-time leader of Microsoft’s Security Development Lifecycle (SDL) team. While at Microsoft, Lipner also created initiatives to encourage industry adoption of secure development practices and the SDL, and served as a member and chair of the SAFECode board.

 

Lipner joined Microsoft in 1999 and was initially responsible for the Microsoft Security Response Center. In the aftermath of the major computer “worm” incidents of 2001, Lipner and his team formulated the strategy of “security pushes” that enabled Microsoft to make rapid improvements in the security of its software and to change the corporate culture to emphasize product security. The SDL is the product of these improvements.

 

At Mitretek Systems, Lipner served as the executive agent for the U.S. Government’s Infosec Research Council (IRC). At Trusted Information Systems (TIS), he led the Gauntlet Firewall business unit whose success was the basis for TIS’ 1996 Initial Public Offering. During his eleven years at Digital Equipment Corporation, Lipner led and made technical contributions to the development of numerous security products and to the operational security of Digital’s networks.

 

Throughout his career, Lipner has been a contributor to government and industry efforts to improve cybersecurity. He currently serves as the chair of the U.S. Government’s Information Security and Privacy Advisory Board (ISPAB). Lipner was one of the founding members of the board’s predecessor and is now serving his third term as a board member. He was elected in 2010 to the Information Systems Security Association Hall of Fame, in 2015 to the National Cybersecurity Hall of Fame and in 2017 as a Fellow of (ISC)² and to the National Academy of Engineering. He holds an appointment as adjunct professor of computer science at the Institute for Software Research, School of Computer Science of Carnegie Mellon University and is named as co-inventor on twelve U.S. patents.

Roberta (Bobbie) Stempfley


Roberta G. (Bobbie) Stempfley joined the Carnegie Mellon University Software Engineering Institute as director of the SEI’s CERT Division in June 2017. Stempfley previously served as director of cyber strategy implementation at MITRE Corp. and as acting assistant secretary and deputy assistant secretary, Office of Cyber Security and Communications, Department of Homeland Security. In addition to her work at DHS, Stempfley previously worked in the DoD as CIO of the Defense Information Systems Agency and as chief of the DoD Computer Emergency Response Team, which she established. Stempfley received her bachelor’s degree in engineering mathematics from the University of Arizona and her master’s degree in computer science from James Madison University. A recipient of many awards, she was recognized by CyberScoop as among the Top Women in Cybersecurity, by Federal Computer Week in the Fed 100, and by Information Week as one of the Top 50 Government CIOs.
