Designing and Writing Secure Software

Long Form


Attackers only need to be right once, but developers have to be right all the time. Secure software development practices are essential.


In January 2002, Bill Gates sent out his Trustworthy computing e-mail, which effectively stopped development on the next version of Windows in order to secure Windows XP. Since then, Microsoft has led the industry in treating security as a top priority in all the software they ship. This talk will explain how to write secure code and design secure software using techniques learned by and adopted at Microsoft.



Speaking experience

I spoke at Open Source Bridge in 2012 ( I spoke at last year's PowerShell Summit North America (

This will be a variation of a talk I've given frequently at work.


  • Aaron Jensen

    WebMD Health Services


    Aaron Jensen is a Automation/Build/Configuration Management/Software Engineer for WebMD Health Services in Portland, Oregon. He has worked as a web software engineer for sixteen years, working mostly with Microsoft technologies.

    He is the owner and maintainer of Carbon, an open-source project used to automate the installation and configuration of Windows, IIS websites, and Windows Services. It has been downloaded more than 12,000 times. He has contributed to many open-source projects.

Leave a private comment to organizers about this proposal