The Valley Between Black & Blue


Celene Temkin

BlueHat Project Manager

Culinary warfare, BlueHat hackers and responsible disclosure

Acts of hubris, MySpace, orange mocha Frappuccinos!

I affectionately call this time between summer conferences the black and blue phase, where I wear security like a Hypercolor t-shirt, changing colors depending on where we are in our conference shipping and planning cycles. We just shipped a successful Black Hat and we are within T-minus 60 days until BlueHat v8.

Although the BlueHat v8 schedule has yet to be formally announced, there has been some early buzz around the speaker lineup and I can assure you the two days of cutting-edge content will not disappoint. Please keep an eye out for speaker lineups, abstracts, and bios, which will be posted on the BlueHat TechNet Security Briefing Page in the next couple of weeks. As always, keep up with the rolling thunder of the BlueHat Blog, which highlights internal and external BlueHat speakers from past, present, and (hint, hint) future.

But let’s back up for a second: what is BlueHat and what are the goals of this conference in the ever-evolving security industry?

First, we believe in educating our own because only when we truly comprehend our security reality can we begin to defend ourselves and anticipate mitigations for the looming threats on the horizon. We educate our own by making BlueHat an invitation-only conference where our Microsoft developers, security engineers and product teams can receive security training credits for attending. Since security is not a spectator sport, we also encourage Microsoft employees to present alongside the external researchers recruited to present. We try to stay as transparent as possible with all our speakers, so none of the talks are under NDA.

Second, we use BlueHat as a vehicle for our partner and product teams to reach out to the security community. At every con out there, everyone knows that the “hallway track” is often the most fruitful and interesting. We seed our hallway track at BlueHat deliberately to maximize everyone’s experience. Countless introductions and targeted outreach occur on the sidelines while the talks are going on. Researchers meet developers, speakers meet architects, CERTs meet security strategists—you name it, everyone’s engaging and the best part is it can take new relationships to a completely organic state far beyond our wildest expectations. Only at a venue like BlueHat could we pair two independent security researchers to do research on Silverlight in conjunction with the Silverlight & Adobe teams, and then have them present the results. Their presentation went so well that Manuel Caballero and Fukami won the “International Tag-Team Patches Award” at the BlueHat v7 Community Dinner, highlighting this alliance.

Third, BlueHat promotes Microsoft’s responsible disclosure policy, with the goal of coordinated release of an update and public disclosure of the vulnerability details. We also promote responsible disclosure with all of the conferences our team sponsors worldwide and ask conference organizers to promote vendor notification and the coordinated release of updates and vulnerability information.

The BlueHat Planning Team strategically invites security product vendors, security researchers, security officers, members of security response teams and past BlueHat speakers to engage while propelling MSRC values in real-time with a human face.

An almost overwhelming pupu platter of submissions sits before us; limitless in possibilities and all the better to educate our developers and execs with. Along with the great privilege of reviewing these submissions with the fellow members of the BlueHat Planning Team comes the bittersweet burden of nailing down the final talks to exceed our audience’s expectations. The cool part is we get to immediately start working on the next BlueHat as it’s the best way to stay current on the latest trends around security and privacy.

– Celene Temkin, BlueHat Project Manager

*Postings are provided “AS IS” with no warranties, and confer no rights.*