MSRC

BlueHat

Can I interest you in a glass of Berry Blue Kool-Aid?: A Recap of BlueHat v7

Tuesday, May 06, 2008

Hello all, Nate McFeters here to give you a recap of all the fun at Microsoft BlueHat v7. If you don’t know me, I work for Ernst & Young’s Advanced Security Center and I also blog over at ZDNet’s Zero-Day Security Blog. You may have also seen me on the conference circuit, as I’ve spoken recently at such prestigious events as Black Hat and ToorCon.

Mi Casa Es Blue Casa

Monday, May 05, 2008

BlueHat is not just an event, it’s a community, a network based on relationships developed over time, an integral part of our engineering science and outreach security efforts at Microsoft. As part of the team ‘shipping’ BlueHat, I spent some time in the speaker lounge – the room where speakers, community and Microsoft folks gather and meet during the conference.

Security at the big software vendors

Wednesday, April 30, 2008

Cesar Cerrudo of Argeniss here. I was thinking about what to write in this blog post, and I decided that this would be a good opportunity to acknowledge Microsoft security efforts by highlighting Microsoft improvements, and also to compare how security is currently handled by the other big software vendors.

The Battle for the [Browser] Your PC

Monday, April 28, 2008

Hello, this is Rob Hensing. I work with the SWI team at Microsoft. One focus of my job is looking for mitigations and workarounds that we can use to protect our customers against vulnerabilities and exploits. Part of this involves testing out the mitigation technologies that we’ve baked into a lot of our products as part of the SDL process, such as buffer overflow protection like /GS, execution prevention via DEP, and address space randomization via ASLR.

Announcing: BlueHat v7!

Thursday, April 24, 2008

Hey, Andrew Cushman here. BlueHat v7 May 1st and 2nd has another great lineup of leading external security researchers and internal Microsoft engineers. This spring’s event is titled Up High, Down Low, Too Pwned and has two themes – web application insecurity and architectural security challenges. We kick it off Thursday with the exec day, then follow that on Friday with the general sessions for engineering, support and sales teams.

Effective Software Security: Making the most of tools

Tuesday, April 08, 2008

Hello! My name is Vinnie Liu. I am a BlueHat speaker, and the Managing Director at Stach & Liu, a security consulting firm whose primary practice area includes helping organizations establish effective application security programs. A key component of every application security program is the use of tools and experts. In this post, we discuss the relative strengths and weaknesses between tools and experts, and by doing so, we also learn how these software security resources are best applied in an organization looking to become more proactive with their secure software development lifecycle.

Processing Power to the People

Monday, March 31, 2008

Hey everyone, h1kari here. Katie invited me to do a guest post on the BlueHat blog and so I thought I’d rant a little bit on some ideas I’ve had with how crypto best-practices relate to other areas of security that may hit closer to home for you guys. My current interests are in finding areas of computing that would be a lot more useful if they could only be run faster, so I’d like to hear from you about your experiences and what takes up all the idle time on your processors.

Saddle up for Web App Security, or XSSive Force

Monday, March 24, 2008

Bryan Sullivan here, making a guest appearance here away from my usual home on the SDL blog. It’s great to see BlueHat showing some love to the Web app sec community. I’m thrilled that BH is expanding on its tradition of inviting some of the best and brightest Web app sec minds by dedicating the entire morning to layer 7 issues.

Going big and going home, or Your r00ts are showing.

Thursday, March 13, 2008

Welcome back to the BlueHat blog! Tuesday afternoon, as the taxi carrying Bruce Dang, Dave Dittrich, and me hurtled hurly-burly from Logan airport, I could almost hear my own “welcome back” to my home town of Boston. This was a homecoming heralded by screeching taxi brakes as we popped the most awesome (though surely less than legal) U-turn on Mem Drive into the driveway of the conference hotel hosting SOURCE Boston.

Podcasts and Peppermints

Wednesday, October 03, 2007

BlueHat v6 has wrapped and all the researchers have gone home – or have they? Around here, the buzz sparked by our guests and in-house BlueHat speakers is very much still humming. The side-meetings between researchers and Microsoft teams that I first blogged about during my first month here are continuing to be a huge benefit.