re: Bluehat v3 first thoughts

scubajim — Thu, 16 Mar 2006 23:09:52 GMT

Brad,
While it is true that executives saying that is a measure of sucess (a fairly meaningless measure in this case) it is also an indication that they are clueless about their own product. If they are really and truly surprised then they need to get out of their meetings and be aware of their company's products and the market place. If they weren't really surprised then it is a very disingenous response. (either way it doesn't look that good.)

re: Bluehat v3 first thoughts

BlueHat — Thu, 16 Mar 2006 23:51:05 GMT

The willingness for our executives to take an external point of view and not just acknowledges it but to also turn around and take immediate action to correct or fully understand a point seems like a positive. A few of the speakers commented to me on the level of deep technical knowledge that our product executive staff have; and their genuine concern for doing the right thing. We also have to take into consideration the sheer scale of some of the products we develop. There are executives who have literally thousands of engineers and feature groups in their product lines. There were a few points during the executive sessions where we were all looking at assembly code.

We’re trying quite genuinely to raise security awareness and responsibility at every level here at Microsoft. A few of the talks were standing room only in our largest conference room that can hold 900 people. Having engineers seeing the talks and understanding the threat vectors and how people are attacking their code is quite valuable.

In the days since BlueHat ended, I’ve seen several new feature requests, bug reports and heard architectural discussions on how to move forward combating the current generation of security threats and also how to adapt to the next generation of threats.

At the end of the day this had a positive effect on our people and products which in the end will help work towards the goal of securing the Microsoft platform.

~Brad