Posted by: Dave Forstrom, Director, Trustworthy Computing

It’s been an exciting week here at Black Hat in Las Vegas with security researchers presenting on the latest trends and issues impacting networks and systems. Last night Microsoft recognized the BlueHat Prize winners at our Researcher Appreciation Party. I’m pleased to share we have already incorporated one of these winning technologies into our Enhanced Mitigation Experience Toolkit (EMET) 3.5 technology preview. It’s great to see an initiative to collaborate and share innovations a year ago evolve into prototypes with one now available this quickly as a new freely available computer security tool.  Even in an enterprise that is fully updated against known vulnerabilities, EMET provides defenses that protect assets from the yet unknown threats. EMET can easily be used on home machines to protect against known, and unknown, vulnerabilities. The new Technology Preview of EMET was made available July 25.

On Wednesday we released our annual Microsoft Response Center (MSRC) progress report, which highlights our collaboration with the security community and the industry at large. This report shares information about security community collaboration programs like Microsoft Active Protections Program (MAPP) and Microsoft Vulnerability Research (MSVR). Today, over one billion customers are protected due to information shared throughout our MAPP community.  MAPP has been a strong example of how the community can band together through information sharing and literally shift advantage to the good guys because the time to create protections has been significantly reduced. Through MSVR, we’ve coordinated the disclosure of 96 vulnerabilities across 36 different vendors in just 12 months, all in a manner that focused on helping to ensure customers were protected.

During Black Hat we not only gave away more than $250,000 for the BlueHat Prize contest, but we also gave away $20,000.00 in a sweepstakes asking the community what represents the most pressing industry-wide security issue so we can collectively combat more challenges. We will continue to make investments through our own security science and engineering efforts as well as
our work with industry partners and security researchers. We are excited to see what new security innovations lay ahead when great minds meet and share methods and tools to better protect computing experiences.