Yield the mallet: stopping security whack-a-mole

Nov 6, 2020



The problem is known: despite our best efforts to ship secure products, every year our industry continues to deal with a large number of vulnerabilities in software, hardware, and services. Improvements in tools to identify vulnerabilities prior to release, increased training and pen-testing, and established security teams have helped, but we are all still spending too much time and energy fixing individual security issues on released products. This talk is about how security teams, especially PSIRTs, can leverage the information, insights, and (yes) pain of dealing with security vulnerabilities over and over again to drive changes in their company's products and services. This talk will present some of the strategies we have used at Microsoft and in the Microsoft Security Response Center to address bug classes or common vulnerabilities across our products and services. We will share successes, failures, and current endeavors.


About Loco Moco Security Conference

Inclusive product security conference that attracts builders and defenders from around the world.
