Guest Blog entry from the Secure Windows Initiative Team!

Hi!  I’m Richie Lai and I’m a lead on the Microsoft Secure Windows Initiative (SWI) team.  One of the things our team does is work side by side with the program managers of the MSRC, so they invited us to guest blog.  While MSRC may be the most visible face of security at Microsoft, the SWI team plays a complementary role in securing our products. 


Organizationally, SWI is under the direction of Microsoft’s Director of Security Engineering, Matt Thomlinson.  This organization is responsible for several important security functions spanning almost all products that Microsoft ships.  These functions are:

  • SWI Program Management – Reviews products to provide guidance and assist in meeting SDL requirements.
  • SWI Attack – In-house application penetration testing for products we ship.
  • SWI React – This is my team.  We ensure updates are effective in eliminating software vulnerabilities, provide technical guidance for security bulletins, investigate and perform research on new vulnerabilities, handle technical aspects of Internet emergencies, and work with law enforcement when necessary.  You can think of us as the technical arm of MSRC.

In the future you will see more of SWI – we want everyone to know we’re here and that we provide value “in the box” with Microsoft software.  For a sample of some of the great work coming out of SWI, take a look at Analyzing Browser Based Vulnerability Exploitation Incidents from David Ross, and Robert Hensing’s recent post on his blog detailing the work SWI does in detail.  We’re still evaluating how best to deliver future research – it’s possible we will build a SWI blog similar to this one.


Richie Lai

SWI React, Microsoft

*This posting is provided “AS IS” with no warranties, and confers no rights.*