Mike Andrews here. With a very broad brush, the vulnerabilities we see can be split into two categories -- flaws and bugs. Flaws are inherent problems with the design of a system/application – Dan Kaminskys’ DNS vulnerability would be a good example....

Handle: Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change - the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk...

Goodbye 2008- Hello 2009! Over the past year we, the MSRC EcoStrat team and all-up TwC Security have been a lot of places, seen a lot of people, and picked up a lot of t-shirts J. On the road, we work hard to create more opportunities for technical information exchange in strategic ways. One way is by co-sponsoring security conferences in various geographic hotbeds to support the de-mystification of global threats and security threats through education. Another way is by presenting candid talks and having open conversations in order to create channels for productive information exchange on common threats between the security industry, governments and researchers.

...