14 DAY TRIAL // Microsoft is wide open to hackers. Confidence about the security standard of the software products delivered has grown over time to the level where the Redmond company can afford playing with fire and not get burned. The integration of the complex Secure Development Lifecycle methodology into the process of building code has elevated Microsoft from the position of the underdog when it comes down to protecting users. Additionally, the company has started evolving a close relationship with white hackers, independent security researchers, as well as with hardcore experts deeply involved with the industry. In this sense, Andrew Cushman, Microsoft's director of security outreach, announced that between September 27th and 28th, the Redmond campus will house BlueHat v6: The Vuln Behind The Curtain.
"Once again we have two days of great security content that covers the spectrum of issues in security. The BlueHat speakers, both leading external security researchers and internal Microsoft engineers, will pierce the security veil of virtualization and process isolation. Plus, we've got a couple of talks on Windows Mobile and more about automated exploit creation - this time using Metasploit. There will also be a talk on a DNS pinning design issue that demonstrates how Internet Explorer can turn into a VPN concentrator. All this--and talks on Office, Binary Instrumentation, Visualization and the Economics of Security," Cushman stated.
Microsoft's efforts into connecting with the security industry will ultimately be reflected into the quality of the software it will put out. Cushman commented that in the past decade, the relationships between the company and the security ecosystem have deepened. And the fact of the matter is that Microsoft needs to do security above anything else in order to change the end users' perception of its products. In this sense, there is a reason why Windows Vista is applauded as the most secure Windows operating system on the market. Because security is one of the main aspects that users fail to associate by default with Microsoft products.
Cushman explained that BlueHat is designed "to expose senior product leaders and front line engineers to the threats and attack tools and methodologies used in the real world; and security researchers (and the security community) to Microsoft engineers and business leaders."