Assurance and Evaluation: What Next?
9:30 - 10:30 AM
Redmond, WA, USA
slipner [at] microsoft.com
This talk presents some observations on the nature of system security and security assurance, and on processes that attempt to evaluate assurance. Over the past forty years, approaches to assuring software security have evolved from “penetrate and patch” through attempts to prove security to the application of automated tools that help developers detect and remove potential vulnerabilities. A review of that evolution leads to some observations on the effectiveness and practicality of various approaches and to the conclusion that the most theoretically appealing approaches may not be the most practical or the most likely to succeed.
The talk then considers the processes by which user organizations, primarily governments, have attempted to evaluate product security. A review of historic approaches to evaluation supports the conclusion that past evaluation regimes have achieved limited success. The talk suggests some attributes of approaches to evaluation better suited to the realities of processes that achieve security assurance and more likely to provide valuable information to end users.
Steve Lipner is Senior Director of Security Engineering Strategy in Trustworthy Computing at Microsoft. He is responsible for the definition and updating of the Security Development Lifecycle that Microsoft applies to improve the security and privacy of its products. He is also responsible for Microsoft’s policies and strategies for the security evaluation of its products. Mr. Lipner has over thirty years’ experience as a researcher, development manager, and general manager in IT security and is named as co-inventor on eleven patents in the field of computer and network security. He holds S.B. and S.M. degrees from M.I.T. and is coauthor of The Security Development Lifecycle.