BlueHat is not just an event, it’s a community, a network based on relationships developed over time, an integral part of our engineering science and outreach security efforts at Microsoft. As part of the team 'shipping' BlueHat, I spent some time in the speaker lounge – the room where speakers, community and Microsoft folks gather and meet during the conference. It was both fascinating and surreal and we look forward to bringing you more commentary about the event along with video podcasting via the blog in the coming weeks.
BlueHat is rewarding to me because our team is able to help virtual teams form out of traditional rivalries. Observing Adobe’s response team in discussions with Fukami – a Flash researcher notoriously at odds with the company. Participating in lively discussions about Mark Dowd’s latest research paper. Watching ”aha!” moments happen as product teams and researchers from all over Microsoft met with the researchers focusing on their products. CERTs, major guidance providers and security researchers breaking bread together. Community members (such as, several members of the TESO board of directors) greeting each other in person for the first time, after knowing each other virtually, for years. Legendary researchers in the community engaging in dialog with new up-and-comers like Alex K.
BlueHat also brings home how much security work is ahead of us and the how the asymmetry between attack and defense continues to widen. Bryan Sullivan’s talk highlighted that although we have made outstanding progress securing the operating system, we now have to make that same outstanding progress in the Web space. An environment with development cycles measured in weeks versus years, and one that presents challenges to the application of the traditional SDL. Billy Rios and Nitesh Dhanjani kept us entertained while confirming that phishing is easy, prolific, money-driven and not as funny as your father’s maiden name. All the panelists reminded us that researchers continue to look for vulnerabilities and there are many 3rd party attack vectors, apart from the OS and core shipped components, even including security products.
We recognize the need for community-based defense (researchers, guidance providers, CERTs, etc.) as we continue to introduce new folks into the BlueHat network. Thank you to all of the speakers, guests and passionate supporters of BlueHat– we look forward to continuing to evolve and add value to this important community.
It’s our planet – let’s secure it!
Senior Security Strategist