Secure Software by Design 2025 Presentations Available
November 10, 2025—The Software Engineering Institute (SEI) has released the presentation slides and videos from Secure Software by Design 2025. SEI security researchers and industry software practitioners gathered in Arlington, Virginia, in August to share ways to address, prevent, or eliminate security weaknesses earlier in the software development cycle. The videos are available on YouTube, and the presentations can be downloaded from the SEI’s Digital Library.
Presented in collaboration with Carnegie Mellon University’s CyLab Security and Privacy Institute, the third annual Secure Software by Design event sought to promote deliberate, intentional engineering processes that integrate security into the entire software lifecycle, rather than addressing security in individual stages as one-off activities. The lifecycle approach to security is especially important for software deployed in national security contexts, and it speeds delivery of more secure software to warfighters and other end users.
This year’s presenters and topics from the SEI included
- Timothy A. Chick: Secure Systems Don’t Happen by Accident
- Lyndsi Hughes: Prioritizing and Testing Non-Functional Requirements: A Practical Guide
- Emil Mathew: The Role of Large Language Models in Building Secure Software
- Greg Shevchenko: Modeling Security Policies
- David Svoboda: Integrating Automated Repair into the CERT Coding Standards
- Alexander Vesey and Natasha Shevchenko: Proactive Architectural Analysis of Cybersecurity Threats
Presentations from industry and government included
- Alka Soni: Secure by Design Architecture: Enterprise Data Frameworks for Embedded Security Governance
- Amanda Walsh, Sara Nienow, Laura Morrison, Ben Fein-Smolinski, Gray Martin, Meaghan McGrath, Jonathan Merker, Garrison Spencer, Carly Dotson, Victoria Neff, Breanna Reingold, and Shannon Wells: The Cost of Insecure Software
- Ankit Gupta and Shilpi Mittal: Secure by Construction: Architecting Systems that Defend Themselves
- Kara Zajac: Open Source Risk Analysis
- Anand Kumar Vedatham: Architecting Security-First Enterprise Systems
- Scott Dietzen: Can AI Fix Software & Software Engineering?
- Oleksii Segeda: Data Bill of Materials: Toward a Transparent Supply Chain
- Hariharan Ragothaman: Shift-Left Meets Zero Trust: Building Secure-by-Design APIs from Day Zero
- Brian Paap: Illuminating Software and Vendors
- Santosh Appachu Devanira Poovaiah: OS-Level Trust Assumptions in Shared CPU–GPU Memory Systems
- Venkata Surendra Reddy Appalapuram: Secure-by-Design Azure Data Lakehouse Architectures
- Luke Thomas: Cheap Complexity, Classic Videogames, and Binary Sandcastles
Watch these videos on the SEI’s YouTube channel, and download the presentation slides from the SEI Digital Library. To learn more, visit the Secure Software by Design 2025 website.