The Three Ghosts of Microsoft Security
Wednesday 8th October 2008, 7:00 pm
Speaker: Stephen Lamb, Microsoft UK
Venue: The Royal Scots Club Hepburn Suite, 30 Abercromby Place, Edinburgh EH3 6QE - map and direction.
This talk is free of charge. Refreshments available from 6:30 pm.
Features, functions and flashing lights - that's what the majority of developers focussed upon. Certainly there were those who wrote security features, but the vast majority of Microsoft developers devoted most of their time to meeting the needs dictated by the functional specification. Windows and Office became some of the most hacked and exploited software on the planet.
This all changed four years ago when Bill issued his memo kicking off "Trustworthy Computing", dictating that Security was "job one". A huge cultural change ensued, including all development being halted while everyone underwent appropriate security training. Microsoft's Security Development Lifecycle was born and with it a significant change to the way each of us worked. Secure by default, design and deployment became the mantra for Microsoft software. Hackers have now shifted their primary focus towards third party applications to discover bugs and security weaknesses that they can exploit.
What is the future for Microsoft security? How will we ensure that we continue to lead the way in eradicating vulnerabilities whilst maintaining ease of use and functionality that excites our customers? What new threats lie around the corner? What can we expect from security in "Windows 7"?
In this talk Stephen will take us through the history of Microsoft security, bringing us up to date on where Microsoft is at today and point out the direction of security improvements coming down the pipeline. He will also discuss how Microsoft responds to security incidents and explain the process to release updates and patches to fix vulnerabilities. Come along to hear why Microsoft software is now some of the most secure on the planet.
About the speaker