In this conversation, Steve Lipner of SAFECODE explains what secure software is, and recounts his own experiences on Microsoft’s Software Security Development Lifecycle Team as the point of the spear in Microsoft’s Trustworthy Computing Initiative. Lipner stresses that secure software must come from within (so to speak). Outside consultants may be able to promote best practices, but they will never be able to grasp what needs fixing. That’s why an organization’s developers need to be trained and motivated to write secure code, which means seeing mistakes as they write code and throughout the entire development process.

Lipner also talks about the Biden Administration’s Executive Order (EO) on Improving the Nation’s Cybersecurity, released in May 2021. Lipner believes that the impact of the EO is still a work in progress. He’s particularly a “fan” of Section 4 of the EO, which lists the requirements for a robust software security program.