Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Craig here again. What a day. Release Day. You never know what it is going to bring around here. Craziness usually, but I like it that way. I usually come in early on release day and it is one of the few days in a year where I will get some breakfast from one of the cafeterias here. Today I decided to bust out with some biscuits and gravy, and a few pieces of bacon. Then my staple, a venti almond mocha with a wee bit of whip cream (takes the heat off those first few sips).
My family always asks me what I do at Microsoft, along with the classic “do you know Bill Gates?” and I often have a tough time explaining my role here. At a very high level, I manage the process of releasing our security updates and related content. Then my sister will ask me, “so you make the update?” Nope. Basically there are a dozen or more teams we work with on any given update. There is the Product Team that is actually building and testing the update, the Technet team that creates and hosts some of our content, Windows Update, Office Update, multiple groups within Product Support Services (PSS), PR, our own IT folks, Microsoft Security Baseline Analyzer (MBSA), SMS, Microsoft.com operations, Localization, Microsoft Update, our security engineers, and of course any number of layers of leadership across the company.
I work towards getting all the updates, bulletins, and other content out the door by 10AM PST on release day. However, that can prove to be a bit of a challenge as there are multiple “channels” for Windows Update, the Download Center, Office Update, and now Microsoft Update. Timing can be something of an educated guess based on the amount bits, affected products, etc. Since going to a monthly cycle over a year and half ago this has all become much more predictable, but the one-shot load has become heavier on our toolset.
There is a lot of work prior to release that goes on around here too. Bulletins go through a lot of review and thus have to meet a number of milestones. We are constantly working hand in hand with the product and security engineering teams to make sure that we are coding the right fix, and not leaving anything out. We have a detailed process with many checkpoints and milestones that make sure we are driving towards quality- all pieces of a schedule that I drive with the team. I would like to think that it is as simple as writing up a quick document for some update that gets dropped out on the Internet, but that’s just not the case. We wholeheartedly want to make sure that we are protecting our customers and giving them good guidance in our bulletins.
The area that I mentioned last week that I focus a lot on is detection and deployment. How easy will the release be to detect and deploy for? Are we providing the right means to do detect and deploy? Reboot and size concerns? What are the potential areas of pain? And much, much more. These are all things that I am trying to put more time and thought into.
So that’s a high level of what I do in much more detail than I can ever get across to friends and family J Anyways, big release, big day. Time to go home, relax a bit, and see if Detroit can turn around make the NBA Finals a good series to watch.
BTW I will be at BlackHat in Vegas and then DEFCON at the end of July. Look for me. I’m always up for a drink pool side J
*This posting is provided "AS IS" with no warranties, and confers no rights.*