A little bit about the Security Update Validation Program Late last week there was some confusion about the Security Update Validation program, and I wanted to take a minute to explain how the program works and our reasons behind implementing it. To start, the Security Update Validation Program (SUVP) was tested for about a year before we officially announced it in January. It’s a program that seeks to help ensure the quality of security updates, by testing these security updates in...

And introducing.... I’m Mike Reavey the Operations Lead for the Microsoft Security Response Center. I wanted to take a second to introduce myself and what my team does within the MSRC. Have you ever wondered who’s watching secure@microsoft.com around the clock to respond to new vulnerabilities? Or who works with the security researchers, product teams, and external partners to ensure a security update is complete and delivered to our customers? Or maybe who is authoring the bulletins...

A Post-RSA Nap By now it's no secret that this year we decided to use RSA to help people understand a little more about the MSRC, who we are, what we do, and especially why we do it. The answer to that last, by the way, is a combination of "we are committed to doing our best to help our customers understand and react to security threats" and of course because "we love it". If you are a researcher supplying us with vulnerability information, I hope that you got a chance to meet with...

The MSRC heads back to Redmond In addition to spending time with customers and partners at RSA -- as well as some eager, repeat "Wheel" fans -- we had the opportunity to spend a couple of evenings with some of the journalists who cover security issues. This was a particularly valuable opportunity for the team to build relationships with security reporters and to share insights with them into what we do. In our world, press coverage is one of the most efficient and broad-reaching...

Helping Customers Face to Face It's hard work to stand the whole day, as anyone who has worked a conference will tell you. But it's really also a lot of fun to hear the stories from our customers (though I do fear I'm going to learn some kind of Pavlovian response to the "click click click" of the MSRC "Wheel of Fortune" in my ear the whole day!). Yesterday I listened to a really painful story that one customer had with a virus infection that he just could not get rid of. The virus...

Musings at midnight from the “W” bar For reasons that are not entirely clear to me, I found myself hanging out in a very crowded “W” bar at midnight last night – well past my bedtime – unless, of course, there is some security incident, in which case I would be sitting in my chair at our war room looking and sounding grouchy – but anyway I digress – back to the “W” bar . . . . There was quite a crowd there last night as there as RSA attendees gathered to cap off the night after...

Trends, or lack thereof... Sometimes you can pick up a common theme when you go to an industry show. You find that lots of vendors are talking about topic X or half of the talks seem to mention topic Y. I still haven’t found that common theme though at this event. Looking at the session guide, you can find sessions on everything from IM to PKI configuration, to virus research, to the legal aspects of security. There is even an entire track that talks primarily about how to think about...

MSRC "Wheel of Fortune" We've had another really busy day on the show floor. We've had a continuous line at our “Wheel of Fortune” as survey participants are eager to spin our wheel and win an Xbox game! The surveys keep coming in and we’re getting a great chance to meet customers and partners. The booth is actually so busy that our entire team is working the show floor just to keep up with all the traffic. And I’m beginning to feel a little like a Las Vegas pit boss – keeping an...

Securi-tini anyone? We had a great time last night at a party Microsoft hosted. It was at the Foreign Cinema, which is an awesome restaurant with enormous white walls everywhere that they play movies on. People mingled, eating fantastic food and drinking the occasional “Securi-tini” or “Harvey Firewall-banger” and movies played on the walls all around us. It was funny to see entire conversations stop as people suddenly watched the bridge shootout sequence from Brian DePalma’s “The...

MSRC Customer Survey: Win an Xbox game! Wow, what an exciting day yesterday at RSA! Bill Gates actually talked about the Microsoft Security Response Center within the very opening of his keynote address! Bill also outlined Microsoft’s three key focus areas for security, which are technology innovation, guidance and industry leadership. What we do in the MSRC falls squarely within the prescriptive guidance area. Bill talked about the improvements we’ve made to provide deep guidance...