When complex security issues that affect multiple vendors arise, calling them “challenging” is an understatement. We created the Microsoft Vulnerability Research Program (MSVR) to meet those challenges, learn from those experiences and strengthen the ties of our community of defenders across the industry in the process. As the state of software security matures beyond straightforward issues such as buffer overflows and elevation of privilege, we are working diligently towards a new level of cross-industry collaboration on a scale never seen before. We must do so in order to provide our mutual customers with the best possible experience on our platform.
I have always wanted to say that. I am here at the AusCERT 2010 conference in the beautiful Gold coast, Australia. I am here with my fellow ecostrat colleague Karl Hanmore presenting our talk on “Engagement between National/Government CERTs and the vendor community; benefits and challenges”. This talk is going to highlight some of our experiences engaging and collaborating on multiple levels with governments around the globe. We are also going to talk about some key ideas and frameworks that can make the collaboration process between government and vendors more effective. We are also announcing some pilot programs for governments that we hope will help push the collaboration efforts to the next level with regards to shared information levels.