Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we've been sponsoring the show for the last eight years-the last five as a platinum sponsor. Some might ask why? It's funny, I can actually remember back in my days as an officer protecting networks in the U.S. Air Force, questioning why Microsoft had such a presence at the show. As much as I'd like to say it's because of the weather (after all, most of us are over here in the rainy Northwest), or because it's the largest security conference out there (it's not), or even better, because we so look forward to getting our next Pwnie Award-the truth is it's none of the above. Well, maybe just a bit on the Pwnie. But the reality is that to us, Black Hat has always been a reflection of, and driven by, the community-likeminded people from all walks of life and professions with a shared interest in advancing the state of security. They come together to share ideas, advance thinking, network and collaborate, and ultimately learn from one another. We feel connected to that and always look forward to being a part of it.
So with the show fast approaching, I've taken some time to reflect on where the Microsoft Security Response Center is currently and where we see ourselves going with respect to security. Specifically, I've been thinking a lot about three areas: 1) our work to address vulnerabilities in our software, 2) our work with the security community and 3) our philosophy on vulnerability disclosure. Given the fact that each of these topics have recently garnered interest and fueled discussion in the community and media, I thought I'd share my thoughts.
