Microsoft fancies more Blue Hats

Wants to make regular date with hackers...

Microsoft wants its "Blue Hat" date with hackers to become a regular affair, with biannual events where outsiders demonstrate flaws in Microsoft's product security.

In March, Microsoft invited several hackers to its Redmond, Washington, headquarters for the first time. The two-day meeting of Microsoft insiders with independent researchers provided each side with a glimpse into the other's world. That get-together was such a success that Microsoft is planning more of the events.

Stephen Toulouse, a program manager in Microsoft's security unit, said in an interview: "We want to try and do it twice a year. It had a huge benefit to our developers." The event gives executives and developers a different look at product security, he added.

At one point in the March meeting, a hacker lured a laptop running Windows onto a rogue wireless network. He did it in front of the people who developed the operating system. Toulouse said: "You're seeing how the technology that you created could potentially be misused, so you come out of that with a much deeper understanding."

Microsoft modelled and named Blue Hat after the widely known Black Hat security conference, which took place last week in Las Vegas. Many of the talks at the annual Black Hat dive deep into security flaws found in software. (The Blue Hat name is tweaked to reflect Microsoft's corporate colour, in particular the blue badges worn by Microsoft employees at the company's campus.)

Toulouse said: "We sent over 80 people to Black Hat but we have got many thousands more who could benefit from the perspective of a security researcher."

The first Blue Hat meeting focused on security in Windows. The next event could highlight security in products from other Microsoft groups, such as the Office productivity suite or its MSN online line-up, Toulouse said. "We are seeing interest from other groups. You could, in the future, see something like a Blue Hat about Office," he said.

Security researchers are also showing interest in Blue Hat. The event wasn't officially on Microsoft's Black Hat calendar but many researchers asked Toulouse and his colleagues about it and said they wanted to participate, he said.

Security researcher Dan Kaminsky attended the first Blue Hat and supports the event. "It is so nice to be able to complain about something and have somebody stand up and take responsibility," he said.

Kaminsky also said Microsoft is listening to the security community. "We are at the point where all the obvious things we tell Microsoft to do, they already do it," he said.

The next Blue Hat is planned for the autumn but no date has been set yet, Toulouse said.

Joris Evers writes for CNET News.com

Comments


  1. Geoffrey Darnton

    ...when will they ever learn....in my view the key problem is that the architecture of Windows is fundamentally flawed ...just like the internet protocol architectures .... these were produced in the old days when a PC was single-user and did not need the more complex memory management of multi-user machines ... and network connections were simple ... these need total overhaul to bring the world's IT infrastructure into a modern interconnected world ... my view is that we are suffering from excessive monopoly and domination by a few key players who do not want to put in the effort needed ... so everyone suffers from the thought of migrating to a 'proper' infrastructure from our current anachronistic infrastructure ... we need much more competition to enable evolution of this key part of modern life ... or part of those monopolistic profits sitting in bloated bank accounts could be used to do the necessary spade work ... but at the moment we suffer from market extremist ideology .... which results in far more deaths from poverty than deaths caused by current 'religious' extremism ... we need to take this kind of market extremism as seriously as we are encouraged to take terrorist extremism - it kills! - and leaves us with very lousy infrastructure!

    • 2 August 2005 08:53