Firehoses and Asbestos Pants: Security at Microsoft from Response to Lifecycle

Presented at Kiwicon 6: The Con of the Beast (2012), Nov. 17, 2012, 3 p.m. (30 minutes)

In the ten years since the Trustworthy Computing memo, we've learned a few things at Microsoft about the processes an organization needs to have in place to respond to security vulnerabilities and incidents. This talk will share many of those lessons with you - from that initial report to building the next version of the product. There will be military metaphors and card games.

Presenters:

• Leigh Honeywell
  After her exile from Canada, Leigh Honeywell joined Trustworthy Computing at Microsoft and is now a program manager with the Microsoft Security Engineering Center. She's an advisor to the Ada Initiative because she cares about gender issues in open technology and culture, and to the SecTor conference because Canada deserves security too :(

Links:

• https://2012.kiwicon.org/the-con/talks/#e60

Similar Presentations:

• THOTCON 0x5 (2014) / Ten Commandments of Incident Response (For Hackers)
• DEF CON 30 (2022) / Hundreds of incidents, what can we share?
• AppSec USA 2014 / Keynote: Gary McGraw - Bug Parades, Zombies, and the BSIMM: A Decade of Software Security