Microsoft? Are you sure?

19 09 2007

UPDATE: Looks like they keep stock-piling Security talent over there at Blue. This time Mike Andrews announces he will be joining the Bing team.

A few years ago I never would have imagined writing this, but it has become very apparent that Microsoft is a serious security company. Sure they have many issues to deal with, but doesn’t any company of this size?

There has been a recent piling of evidence that security is being taken very seriously in Redmond. Some of these examples include:

  • They started holding the Bluehat Sessions, gathering various security experts (includes the likes of Dan Kaminsky and Robert Hansen->”RSnake” within multiple domains and having them work with and present in internal learning sessions.
  • They formed their ACE team responsible for performance, security and privacy across Microsoft.
  • They have published some of the first and only books and software on threat modeling.
  • Microsoft published a security wiki, now in beta.
  • Of course, everyone is aware of their Trustworthy Computing initiative.
  • Believe it or not, an anti-XSS library from MS.

And now this. Mark Curphey is joining the Microsoft ACE team and bringing his product idea with him! This is a great hire for Microsoft and I am very much looking forward to the development of the Oxygen Security platform originally conceived by Mark at SourceClear. I have a great deal of respect for him and have had the opportunity to discuss with him his ideas around the product. For those who don’t know him, he has a great security background that includes the founding of OWASP and leadership positions at Foundstone and ISS.

Congratulations to Mark and Microsoft. Now get busy building Oxygen.

AddThis Social Bookmark Button


Get every new post delivered to your Inbox.

Join 28 other followers