BlueHat Busts Microsoft Products
David Utter Staff Writer
2007-05-11
Taking a cue from the BlackHat conferences, Microsoft runs an internal-only security event where speakers illustrate security issues for their fellow workers.
Andrew Cushman is the new director of the Microsoft Security Response Center, a job that follows his work with the company's Security Outreach Initiative. He used to be one of Microsoft's contact people at events like BlackHat, and also organized the twice-yearly BlueHat security conference.
BlueHat is for Microsoft insiders only, and serves as a way to bring security issues with their products to the forefront of discussion. The event has hosted hackers as speakers, with notables like the Metasploit Project's HD Moore and researcher Dino Dai Zovi, whose discovery of a QuickTime flaw at the recent CanSecWest "Mac hack" event stirred up some controversy.
Cushman's outline of the two main themes at the just-concluded BlueHat v5 events gives some insight into how Microsoft's developers are exposed to security issues in products, with discussions from internal and external sources:
The BlueHat goals are two-fold:
• Expose senior product leaders and front line engineers to the threats and attack tools and methodologies used in the real world. Take the security threat from the theoretical/intellectual level of, "I understand what a buffer overflow is", to "OMG that's what it's like." BlueHat connects with employees at a visceral level and *really* brings the message home. You can read about security issues and still be somewhat detached, but when someone breaks your product in front of a few hundred peers - that's a real catalyst for change.
• Expose security researchers (and the security community) to Microsoft engineers and business leaders. In the past there's been the perception that MS doesn't "get" security and that we don't really care about security or customer protection. BlueHat gives us a chance to open up on our home turf and gives the researchers an opportunity to interact with all levels of the organization. They too get to experience first-hand that Microsoft does have smart, passionate engineers that do care about security.
One can only imagine the butt-clenching fear that comes with having one's product cracked in front of a live audience. As an external observer of security issues and Microsoft, it's good to know that engineers get to see the problems that cause headaches for admins everywhere when those problems are exploited.
---
Tags: Microsoft, BlueHat, Computer Security
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.