Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

April, 2008

  • Microsoft Security Intelligence Report 2H07

    Yesterday, Microsoft published the new Security Intelligence Report for the 2nd half of 2007 (home page is http://www.microsoft.com/sir, and the download page is here). As one of the contributors for the report, I'd like to highlight the findings summary for the Industry vuln trends: Vulnerability disclosures decreased by about 5 percent in 2007, reversing a multiyear trend of increasing disclosures. Almost all of this decrease was observed in the second half of the year, which had the fewest...
  • RSA 2008 Keynote: Craig Mundie

    Yesterday was a busy day, so I get a bit behind with my updates on RSA, but I wanted to post about the Microsoft keynote, in addition to the others I attended. Format was fireside chat, with Craig Mundie, Microsoft's Chief Research and Strategy Officer sitting and talking with Chris Leach, Chief Information Security Officer at Affiliated Computer Services. [fwiw, I personally don't love the fireside chat format. Give me videos, fancying graphics and lots of acrobats on the stage ...] I knew...
  • RSA Crypto Panel: Martin Hellman on 0.01% Events

    In the past, I haven't always stayed to hear the Crypto panel, but based upon the excellent one this year, I'll definitely include it in my plans going forward. If you want to hear an overview of what they all said, I can recommend Robert Vamosi's story Cryptographers speak of threats, voting, and Blu-Ray rumors. I want to highlight the points that Martin Hellman raised with respect to 99.9% probability as a margin of safety, complacency and low probability events. He had one slide - a picture...
  • RSA 2008 Keynote: John Thompson

    Following RSA President Art Coviello on the keynotes this morning was John Thompson, CEO of Symantec. The topic of the keynote was "Information Centric Security: The Next Wave." On one hand, this was one of the more interesting sessions of the morning, because John brought up his Research Labs VP, Steve Trilling, who shared lots of interesting security factoids from their research: 70% of malware during the latter half of 2007 stole PII; Symantec believes we may have reached an inflection...
  • RSA 2008 - A Theme Identified: Guitar Hero

    Though the tutorial sessions kicked off Sunday and ran through today, the RSA Conference Welcome reception kicked things off officially on the show floor at this evening. I arrived late this afternoon, checked into my hotel and made my way over to the convention center to check in and get my badge around 4:00pm. I also went by the speaker lounge to check in and meet up with my co-speaker for my Wednesday session and we were able to make some good progress on slides (yes, they were due weeks ago,...
  • Countdown to RSA Conference 2008

    With less than a week until RSA Conference 2008, I want to provide a short preview of planned RSA activities. As we have been in the past several years, Microsoft will be very active at the security conference with a Keynote by Chief Research and Strategy Officer Craig Mundie and 12 track sessions involving Microsoft people. I will be attending RSA and am planning to be very active in providing updates and information from the show itself, publishing to this site as well as my own blog at http:/...