MSRC looks back at ten years, and the February 2012 bulletins
- Tuesday, February 14, 2012, 10:05
- Threat Research
Ever wondered where Update Tuesday bulletins come from, or what it’s like around Microsoft when a serious information-security situation arises? Or wondered who precisely is responsible for getting your monthly bulletin releases out the door?
Update Tuesday, which brings us here today, is one of the most prominent results of that famous Bill Gates memo that put security at the center of Microsoft’s development and support efforts -- just over 10 years ago. We Trustworthy Computing folk tend to look more to the future than to the past, but on the 10-year anniversary a few of us sat down to talk about incident response, the security ecosystem, and how Microsoft collaborates with the industry:
MSRC senior security program manager Dustin Childs explains why, in MSRC, “the second-Tuesday cycle is what we live for” and gives a glimpse at how the Microsoft response process handled MS08-067 – the case that became Conficker.
MSRC senior director Mike Reavey on never making the same hard decision twice in incident response.
MSRC security program manager Leigh Honeywell on coming to Microsoft from the open-source community and becoming an Internet firefighter.
EcoStrat senior security strategist Katie Moussouris on the crucial need to reach out to researchers, and the process of convincing Microsoft to pay out a quarter of a million dollars in the BlueHat Prize.
EcoStrat senior security manager Maarten van