Microsoft Vulnerability Research (MSVR)

May You Live in Interesting Times

Handle:StoneZ IRL: Adrian Stone Rank: Senior Security Program Manager Lead Likes: Predictive Analytics, Game Theory, Databases, Sports Cars, NFL Football, Direct People Dislikes: Losing, Liars, Posers, No Talent Clowns It was two years ago at Black Hat that my colleague Katie Moussouris announced the launch of the Microsoft Vulnerability Research (MSVR) program. Shortly thereafter I …

May You Live in Interesting Times Read More »

Coordinated Vulnerability Disclosure: Bringing Balance to the Force

Today on the MSRC blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure. I wanted to provide some context and history on how this came about. This post is about changing the way we at Microsoft talk about some familiar disclosure concepts, and is meant as an introduction …

Coordinated Vulnerability Disclosure: Bringing Balance to the Force Read More »

BlueHat Security Forum: Buenos Aires Edition–Shipping!

Handle:Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns I’m here at the second edition of the BlueHat Security Forum, this time in Buenos Aires. So far it is shaping up to …

BlueHat Security Forum: Buenos Aires Edition–Shipping! Read More »

Threat Complexity Requires New Levels of Collaboration

When complex security issues that affect multiple vendors arise, calling them “challenging” is an understatement. We created the Microsoft Vulnerability Research Program (MSVR) to meet those challenges, learn from those experiences and strengthen the ties of our community of defenders across the industry in the process. As the state of software security matures beyond straightforward …

Threat Complexity Requires New Levels of Collaboration Read More »

Constants and Change

Microsoft has been talking about community-based defense for some time now. This week, I want to provide a personal dimension to the campaign, and give an update on recent activities. Curiously, as I started to write this post, a couple of phrases popped up, which despite being somewhat trite, seemed appropriate – “change is constant” …

Constants and Change Read More »

Black Hat Follow Up: Answering the Hard Questions

Handle:Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns It’s October! And for those who remember Black Hat 2008 in Las Vegas, this means the programs we announced have launched. These programs …

Black Hat Follow Up: Answering the Hard Questions Read More »

Leaving Las Vegas: A Black Hat Salute

Handle:The Crushman IRL: Andrew Cushman Rank: Security Director Likes: Cranberry juice (thanks Jay!) Dislikes: Super helpful hotel desk clerks (thanks Raoul?) What can I say? Once again, Black Hat did not disappoint. And that’s not just post-party speak. The conversations were good, the input was invaluable, and the support for the new programs we launched—well, …

Leaving Las Vegas: A Black Hat Salute Read More »