Bluehat v3 first thoughts

Hi, I’m Brad Sarsfield (bradsa!); I’m the SQL guy here. One of the interesting things about me and my team is that I own the ‘slammer’ component in SQL Server, so by that very nature quite a large part of my job description is to ensure (and I quote) “that never … ever … happens again”.  So by default that makes me a SQL security guy and I work quite closely within the SQL Server security team.

In my adventures to fulfill my job description I’ve met a lot of brilliant database security researchers like David Litchfield, Kevin Dunn and Alexander Kornbrust.  I’ve had conversations with these and other researchers that I really wish I could have shared with the 1000 of my SQL Server engineering colleagues.  So after a few of the “I wish everyone working on SQL Server could hear this right now!” moments I talked Kymberlee Price and Andrew Cushman into adding another day; thus we added another day focused on SQL, Data and Web application security.




The first day was a condensed set of talks to senior product leadership and executive types. The second day took a SQL, Data and Web application focus while the third day focused in on the Windows Platform. 

On the first day, putting around 40 highly technical senior level engineers, architects and executives in a room for a few hours with some of the top security researchers in the world was an amazing sight, oh and we did it twice that day (March 8th).  It was an open and honest discussion about problems specific to Microsoft technologies and also problems that affect our entire industry.  Some of the speakers gave a condensed version of their talk during this session.

Everything was fair game.  Hearing senior executives say things like:  “I want the people responsible for those features in my office early next week; I want to get to the bottom of this” was at least one measure of success from my point of view for the event.  The speakers were quite impressed with the technical depth that our executives have.

Stay tuned as we bring more content online at the BlueHat technet site.

Brad Sarsfield

Microsoft SQL Server