Description: PPT: http://www.sourceconference.com/publications/bos12pubs/Source%20Boston%20MSRC%20Process%20Conference%20Presentation.pptx
Microsoft’s Response Process: 10 Years of Hard Knock Learning, David Seidman, Senior Security Program Manager, Microsoft (@msftsecresponse) & Jeremy Tinder, Security Program Manager, Microsoft
The Microsoft Security Response Center has been reacting to security vulnerabilities and incidents for more than 10 years, and we’ve learned a few things along the way. In this presentation, we’ll pull back the curtain and walk you through the formal processes and informal guidelines that we use to handle hundreds of vulnerability reports every year, and we’ll help you apply these lessons to your own organization. When you leave this presentation, you’ll have a better understanding of Microsoft’s decision-making process and you’ll be able to greatly improve your organization’s own response processes. You’ll also learn how your organization can add capabilities as you grow. This content is focused on responding to software vulnerabilities in software developed by your organization. If you write code, the day will eventually come when you need to respond to a security issue. Learn from our experience and get your response right the first time!
David Seidman is a Senior Security Program Manager on the Microsoft Security Response Center Software Security Incident Response team. Prior to working at the MSRC, David managed development of Microsoft Office security updates and service packs.
Jeremy Tinder is a Security Program Manager at the Microsoft Security Response Center. Prior to working at the MSRC, Jeremy was an independent security consultant teaching ethical hacking classes between helping businesses secure their networks.
Tags: securitytube, hacking, hackers, information security, convention, computer security, SOURCE-boston-2012