Vuln Hunt: Find the Security Vulnerability Challenge

vuln hunt image

There’s a saying that many people have heard, “If it was snake, it would have bitten you.” More often than not, that’s the case with software vulnerabilities. A security class bug can often be so subtle in a program that human reviews, static code analysis and other sophisticated tools might not find it. Yet at the same time, finding that vulnerability can be critical, especially if it is exploitable. During … Read more »

Looking Forward: Trustworthy Computing


When Bill Gates announced the Trustworthy Computing Initiative in 2002, he recognized that we needed to change both our processes and culture if we were to make fundamental changes in our products. To ensure that occurred, a centralized group was given responsibility to drive the initiative forward. At the 10 year milestone in 2012, a decade of progress was noted in a number of ways; a chief one being the … Read more »

Cybercrime, Data Protection, and Multi-Factor Authentication (MFA)


Most people are familiar with the concept of an arms race. In the world of cybersecurity, this phrase is also in use. A cybersecurity “arms race” typically refers to escalating responses when one party creates a threat, and then a counter-measure is created to meet the new threat head on, resulting in a new baseline which then requires ever more sophisticated attacks in order to be successful. For better or … Read more »

Cyberspace 2025 Student Essay Contest


When Sam Coxwell submitted his entry to last year’s Microsoft cybersecurity essay contest, he was focused on one thing, winning.  His entry “Cybercrime: Why does it pay, and what can we do about it?” centered on the future of cybersecurity policy research.  It was one of 48 entries we received from students around the world researching the complexities that impact cybersecurity policy. Today, we’re kicking off this year’s contest, the  … Read more »

Risk Meets Reward: Windows Phone 8.1 Security Overview

Flying cars, intergalactic travel, and transporters are not the commonplace items in 2014 that were envisioned for the future throughout the twentieth century. Still, when considering the shoe phone from the television series “Get Smart” through to the fairly limited functionality of the Star Trek communicator, mobile phones might be the single best example of technology that has lived up to our science fiction dreams. Not only can we make … Read more »

Industry Vulnerability Disclosures Trending Up


A vulnerability disclosure, as the term is used in the Microsoft Security Intelligence Report, is the revelation of a software vulnerability to the public at large. Disclosures can come from a variety of sources, including publishers of the affected software, security software vendors, independent security researchers, and even malware creators. The vulnerability disclosure data in the Security Intelligence Report is compiled from vulnerability disclosure data that is published in the … Read more »

Topics from Cybersecurity Bootcamp #1 – Cyber Hygiene


This past week I was privileged to attend Stanford’s inaugural cybersecurity boot camp, where two dozen congressional staffers joined academic and industry experts to discuss ways to protect he government, the public and industry from cyber threats. For me, it was encouraging to see congressional staff members deeply engaged in security and threat discussions on a range of cybersecurity topics and it was a good reminder of how broad a … Read more »

Major Rights Management Update to Office and Azure


For many of the CISOs I talk to regularly, data leakage prevention continues to be a topic of high interest. Whether using either a cloud service or an on premise solution there are a number of reasons that it is important to protect the workplace documents you share with others. To date, data protection technologies have become increasingly more complex in order to support the number of devices and platforms … Read more »

What will cybersecurity look like in 2025?, Part 3: How Microsoft is shaping the future of cybersecurity

Cybersecurity 2025 part 1

Today’s post concludes our three-part series on Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain which presented three views of the world and cyberspace in 2025—Plateau, Peak, and Canyon. PEAK – the Peak scenario represents a world of innovation, where information and communications technology (ICT) fulfills its potential to strengthen governance models, economies and societies PLATEAU –  the Plateau scenario is a “status quo” world, in which political, economic and societal forces … Read more »

What will cybersecurity look like in 2025?, Part 2: Microsoft envisions an optimistic future

Cybersecurity 2025 part 1

The future of cybersecurity will be influenced by more than just technical factors like the spread of malware, or even targeted cyber-attacks.  Global responses to social issues such as population growth, educational investments, or even trade liberalization will also play a significant role.  Continuing our series examining what cybersecurity will look like in the year 2025, let’s look at how the technology and social policy decisions addressing important issues, will … Read more »