Pay no attention to that vuln behind the curtain

Adam Shostack here, guest blogging for the BlueHat blog.

As you may have seen from Andrew Cushman’s post, the theme of this BlueHat is “The Vuln Behind the Curtain.”   I really like this theme, because it’s part of a maturing in the way we’re dealing with security issues.  I’m not going to claim Microsoft is perfect, but we’re doing a pretty good job at pushing downwards the number of vulnerabilities (and updates) our customers need to deal with.  To be honest, a lot of that was in motion long before I joined, but it feels odd to write “Microsoft is doing…” when I’m an employee.
What’s happening now is that we’re starting to look for what’s next, and what’s non-obvious.  We have a very interesting lineup of people speaking, with two full days of talks, and both Microsoft employees and independent researchers presenting.
As we start to pull back the curtain, we can start to look to see what’s behind it. Perhaps we’ll discover that some loud voices aren’t as fearsome as they’ve seemed, and that we, and our customers, really can get what we want (trustworthy systems).  That’s not to say it’s easy, or that there aren’t more problems ahead.  Now, rather than just fighting the lions and tigers and bears of current vulnerabilities, we can spend time looking at what’s down the road to the Emerald City.

Editor’s note: Adam Shostack typically writes for the SDL blog. Check out the BlueHat blog this week for more guest bloggers!