Hey, Andrew Cushman here.
BlueHat v7, on May 1st and 2nd, has another great lineup of leading external security researchers and internal Microsoft engineers. This spring’s event is titled "Up High, Down Low, Too Pwned" and has two themes – web application insecurity and architectural security challenges. We kick it off Thursday with the exec day, then follow that on Friday with the general sessions for engineering, support and sales teams.
The web app/browser track includes a session from Alex "Kuza55" K. of SIFT in which he shares his thoughts about "Web Browsers and Other Mistakes." A star in the security research community and new to Microsoft, Billy Rios makes an inaugural BlueHat appearance with his talk, "Bad Sushi: Beating Phishers at Their Own Game." And Manuel Caballero has joined forces with the inimitable Fukami to pull back the cover on Silverlight in the talk: "A Resident in My Domain, plus, Unweaving Silverlight from Flash."
Cesar Cerrudo anchors the architectural challenges track. His talk “Token Kidnapping” demonstrates how hard it is to get everything right in complex systems. We’ll also hear “Attacking Anti-Virus” from Sowhat of Nevis Labs.
We’ll wrap up the day with a couple of special sessions. We have a number of diverse guests lined up for a panel discussion on the Vulnerability Economy. Following that, Bryan Sullivan, who joined Microsoft about 6 months ago, will talk about his impressions and experiences and respond to the allegation that working in security at Microsoft is the sixth worst job in the world. He will go so far as to state that it is in fact the second best. :) You’ll have to tune in to the upcoming video podcast interviews to find out what else made his top ten list.
The goals for the seventh edition of BlueHat remain the same:
- Expose senior product leaders and front line engineers to the threats, attack tools and methodologies used in the real world; taking the security threat from the theoretical/intellectual level of, “I understand what a buffer overflow is,” to “OMG that’s what it’s like.” BlueHat connects with execs and engineers at a visceral level and *really* brings the message home.
- Expose security researchers (and the security community) to Microsoft engineers and business leaders. BlueHat gives us a chance to open up on our home turf and give researchers an opportunity to interact with all levels of the organization. They get to experience first-hand that Microsoft does have smart, passionate engineers that do care about security.
We continue to expand the BlueHat blog and the TechNet site to keep you up-to-date on the happenings at the conference. We’ll update both regularly with new blog entries and video podcasts.