ConversingLabs - Episode 7
Season 1, EP 7

Steve Lipner of SAFECODE on Supply Chain Security - Is It Even Possible?

June, 2022 | Paul Roberts

When it comes to secure software development, Steve Lipner is one of those information security industry leaders who was there at the creation, so to speak. Lipner, the current Executive Director of the non-profit SafeCode, served as the Director of the Microsoft Security Response Center (MSRC) from 2004 to 2013 - a critical period that saw Microsoft launch the now renowned Security Development Lifecycle (SDL) initiative, which Lipner oversaw. As part of SafeCode, Lipner has worked to promote secure development principles more widely in industry. SafeCode provides free resources on secure software development, as well as advice and recommendations for development organizations, in the form of white papers, blog posts, social media posts, and more.

ConversingLabs host Paul Roberts chatted with Lipner as a part of our ConversingLabs Cafe series of chats at the recent 2022 RSA Conference in San Francisco.

In this conversation, Lipner explains what secure software is and recounts his own experiences on Microsoft’s Software Security Development Lifecycle team as the point of the spear in Microsoft’s Trustworthy Computing Initiative. Lipner stresses that secure software must come from within (so to speak). Outside consultants may be able to promote best practices, but they will never grasp what needs fixing as well as members of your own development team. That’s why an organization’s developers need to be trained and motivated to write secure code, which means catching mistakes as they write code and throughout the entire development process.

Lipner also talks about the Biden Administration’s Executive Order (EO) on Improving the Nation’s Cybersecurity, released in May 2021. Lipner believes that the impact of the EO is still a work in progress. He noted that SafeCode’s member companies have made it a priority to demonstrate that they are meeting the requirements set forth in the EO. He’s particularly a “fan” of Section 4 of the EO, which lists the requirements for a robust software security program.

Check out their conversation below!


About Author: Paul Roberts

Cyber Content Lead at ReversingLabs. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cyber security space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show. You can find Paul online on Twitter (@paulfroberts) and on LinkedIn.
