Sarah Blankinship here. I'm in the Security Technology Unit (STU), a group responsible for product security at Microsoft. One of the STU’s charters is securing products we have and have not shipped yet.
So what is BlueHat? A hacker conference? A way to lure unsuspecting researchers to Microsoft?
The /. comments and speculation about our real motivation for hosting hackers at Microsoft are ever entertaining; however, BlueHat is about providing a consistent forum for presenting cutting-edge research, for understanding issues that affect both Microsoft and the entire industry, and a great way to inform and educate our developer population. So every six months, our team invites a selection of interesting researchers to Microsoft to present to a variety of people within the company. The security community at Microsoft embraces the opportunity to host progressive, sometimes controversial, security professionals on our home turf so that we can learn, discuss and innovate in the areas of product security and customer safety.
As with previous BlueHats, our guests presented truncated versions of their talks to senior product leaders during the first day of the conference. Mixing extremely technical senior-level engineers, architects, technical assistants and executives in a room for a few hours with some of the top security researchers in the world provides an interesting dynamic, to say the least. The audience was engaged, enlightened and left the sessions a bit more realistic about the state of the vulnerability ecosystem. The speakers were impressed by the technical depth of our execs … at one point during a presentation, a VP pointed out a coding error in one of the presenter’s code snippets.
The second day, the security researchers presented their research to an audience of over 650 attendees in the largest conference room at Microsoft. We also streamed the talks and the lively panel discussion on Future Trends in Security to our developer population worldwide. BlueHat v.4 focused on attack surface reduction and understanding threats to the firewall.
Stay tuned as over the next few days the BlueHat team will be writing about the individual sessions as well as linking to podcasts from the event. Read session abstracts and speaker bios here and check back as we continue to bring more content online at the BlueHat TechNet site.