Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
TechEd 2007 is coming next week and I am excited to have two sessions this year. If you sometimes find the information I post on the blog here interesting, then I think you'll enjoy these sessions. In any case, stop by and say hi.
MONDAY - SEC208 - Jeff JonesMicrosoft Windows vs. Linux Vulnerabilities: Metrics and Techniques for Analysis6/4/2007 3:00PM-4:15PM N220 F
NOTE: I will be revealing my "Vista 6-month Vulnerability Analysis" numbers at this session. Jeff Jones leads this technical discussion with attendees that digs into metrics and techniques for current popular metrics such as “days of risk,” “daily vulnerability exposure,” as well as more common vulnerability counting methods. Additionally, the session explores techniques to filter by components, severity, and other factors and how various assumptions affect results when comparing modern x86 operating systems. Jeff also shares his own up-to-date results for Windows, Red Hat Enterprise Linux, Ubuntu and Mac OS X as key examples of the different methods.
TUESDAY - SEC407 - Michael Howard and Jeff JonesFundamental Security Changes in Windows Vista6/5/2007 1:00PM-2:15PM N320 E
Windows Vista is the end result of a focused security effort by Microsoft and their security development lifecycle. This session explores the architectural and protective internal design changes like ASLR, service hardening, low rights Explorer, and other fundamental changes—by looking at how past attacks would have fared against Vista.
Other sessions which I can strongly recommend ( which is roughly my own schedule for the sessions I plan to attend ):
Kai Axford blog, Michael Howard blog, Steve Riley blog, Mark Russinovich blog, Marcus Murray blog
And I should probably also recommend the Security @ TechEd 2007 site at Microsoft, which will have daily updates and podcasts during TechEd.
See you there! Jeff