Five years ago I signed one of the most draconian Non-Disclosure Agreements in the computer world to get access to the source code, design specifications, threat models, developers and managers of Windows Vista for its Final Security Review. This NDA expires the day before Blackhat, meaning that I am free to talk about all of the secrets I was given during the 9 months I spent at Redmond.
In addition to a critical analysis of the entire SDL process, this talk will reveal all manner of previously-secret information about the security process that Vista went through, the reality of running an infosec program on a behemoth like Vista, and the internal workings of the Secure Windows Initiative. Expect brutal honesty, some real shock-and-awe moments, and a few unexpected twists that you probably won't see coming.