Debby Fry Wilson here! I had the opportunity to attend the CanSecWest security research conference in Vancouver, Canada last week. It was a tremendously valuable and eye-opening experience to see and hear the passion, dedication and commitment that segments of security researchers put into their craft of finding and exposing security vulnerabilities in software products. In addition, it was an excellent opportunity for Microsoft to learn about the latest technical trends in the security research field, as well as build deeper relationships with key members of a community that is inherently important in helping us find and manage security vulnerabilities.
The most significant takeaway for me is that security threats continue to become more and more sophisticated and continue to evolve as dramatically and rapidly as the underlying technology. Moreover, the number of security researchers, the uncovering of software security vulnerabilities and the availability of exploit code continues to grow and expand.
As the overall lead at Microsoft for communications around security issues, I am more convinced than ever that communicating more frequently and more authoritatively is absolutely critical in our quest to help customers secure their systems and networks from ever-evolving security threats. That is why I’m leading an effort at Microsoft to get customer feedback on our current communications offerings through customer research and online and in-person focus groups – and ultimately will be using that feedback to drive improvements to our security bulletins and looking at new and better ways to communicate to customers more effectively on security issues. (Customers can participate in the customer research by visiting www.microsoft.com/technet/security/current.aspx or http://www.microsoft.com/technet/security/bulletin/ .)
And I am very pleased that today we are launching our first initiative in this effort with our new Microsoft Security Advisories, to provide customers with authoritative and timely guidance when there is a security issue which may not require a security bulletin, such as defense in depth configuration changes, or when we can provide guidance and mitigation on publicly disclosed vulnerabilities for which we don’t have a security update immediately available. (You can find out more about our new advisories at http://www.microsoft.com/technet/security/advisory/default.mspx .)
As of today, Microsoft Security Advisories is a pilot program and we are concurrently launching it with our customer research to both add to our communications offerings and to get as much customer feedback as we can on a variety of communications tools – so that we can refine and improve how we respond and communicate to security issues.
I look forward to hearing from customers through our customer research and in direct feedback on our new Advisories – how we can make security management more streamlined, effective and meaningful for customers.
-Debby Fry Wilson
*This posting is provided "AS IS" with no warranties, and confers no rights.*