Building a Security Response Process

Presented at Black Hat USA 1999, July 8, 1999, 1:30 p.m. (60 minutes).

Customers' increasing need for secure software products is causing many software vendors to change their development processes. Where vendors previously delivered static products at discrete intervals, many now constantly monitor their already-shipped products for reported security vulnerabilities, and provide security patches in real time. Microsoft has had such a process in place for over a year. This talk will discuss the process - what has worked and what hasn't worked - and will be of interest both to vendors and customers.

Presenters:

• Scott Culp - Security Product Manager, Microsoft
  Scott Culp is a Security Product Manager at Microsoft for Windows NT Server. He is the "voice" behind Secure@Microsoft.Com, Microsoft's email alias for reporting security vulnerabilities in Microsoft products.

Similar Presentations:

• ToorCon San Diego 18 (2016) / The Wireless Elephant in the Living Room
• BSidesSF 2016 / Sedating the Watchdog: Abusing Security Products to Bypass Windows Protections
• LocoMocoSec 2019 / Evolving beyond the vulnerability whack-a-mole game