On the Shoulders of Blue Giants


Katie Moussouris

Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team

Cool vulns, BlueHat, soldering irons, quantum teleportation

Rudeness, socks-n-sandals, licorice

BlueHat v12 here in Redmond is in full swing – it started yesterday for full-time Microsoft employees only, and continues today as we welcome our invited guests from beyond Microsoft. I’m excited to see and contribute to this year’s content as it unfolds on stage, and even more excited for all the side meetings that take place here in the hallways of the event.  It makes sense for us to take a moment to recognize the people who have contributed to BlueHat over the years, as well as to look forward to where we are going in terms of security community outreach at Microsoft in the years to come.

The BlueHat conference itself was groundbreaking in 2005, when the first group of hackers were invited by Window Snyder and Andrew Cushman to speak directly to Microsoft developers and executives about the products in which they were able to find security vulnerabilities. Back then, no major vendors had formally hosted an internal security conference before, but doing events like BlueHat is now an accepted industry practice for many major vendors.

We as an industry owe Window and Andrew our thanks for blazing this path, and also many thanks to the people over the years who have developed the BlueHat conference to be what it is today. That list includes but is not limited to Kymberlee Price, Celene Temkin, Dana Hehl, Sarah Blankinship, Mike Reavey and, most recently, Emily Anderson. Part of what makes BlueHat special to the speakers and attendees are the personal touches and vision that each person on the list above contributed.

One of the elements that makes BlueHat such a vital part of our overall security community outreach at Microsoft is the “hallway track.” This is where the invited guests and the Microsoft folks can dive deeper into the topics that are being presented, or diverge into other topics entirely – sometimes with far-reaching effects on improving security by leaps and bounds. As the conference has evolved over the years, some of the people we invite are here to meet with Microsoft engineers and to learn from the content that is presented, such as the MAPP partners we invite. It is the exchange of ideas that can help improve our products, as well as the products of others who are in attendance, that continues to make BlueHat special.

Many other conversations that will take place in the hallways at BlueHat over this week and beyond will help shape security defense for another generation of the Microsoft computing ecosystem. The relationships being forged and reinforced among Microsoft product teams, security engineers, and the external security research community in these halls will likely bear fruit in terms of helping to improve security for existing and future products and services.

There is an old saying that can be paraphrased as “If we can see a little further out into the horizon, it because we are standing on the shoulders of giants.”  Even as we face some familiar and not-so-familiar security frontiers such as online service security, mobile computing device security, app store security, and the ever-present human factor being exploited via social engineering attacks, we as members of a holistic global computing ecosystem will continue to benefit from the multi-directional exchange of ideas that happen at BlueHat.

Our team continues to expand the ways and means by which we facilitate these pivotal conversations, standing on the shoulders of “blue giants” who have built the security community outreach programs like the BlueHat conference itself, and our worldwide security conference sponsorship program.  As we evolve and grow, we add new programs to the overall outreach strategy to help us get better at security today and in the future. An example of a new program we added recently is the BlueHat Prize contest for security defense, for which this year we gave away over $260,000 in cash prizes for ideas in platform-level defense.  As I said on stage at BlueHat Wednesday morning, Microsoft will continue to invest in security defense challenges — and the next iteration of the BlueHat Prize contest will be announced around the time of the BlackHat USA conference next summer.

So to those who came before, thank you, and to those who will come after, enjoy the view.  I, for one, can’t wait to see what’s just over the horizon, and it’s looking very blue.

Katie Moussouris
Senior Security Strategist, MSRC