Listening on All Ports

By now, you may have seen that Microsoft has changed the name of the vulnerability reporting process we follow from “Responsible Disclosure” to “Coordinated Vulnerability Disclosure”.  First, I’d like to thank each and every one of the reviewers, especially those who were willing to be thanked and acknowledged for providing their feedback.  There is a…

Behind the ISO Curtain

When people ask me what I do at Microsoft, in the style of one of “the Bobs” in Office Space posing the question “What would you say ya do here?”, I point them to things like the SDL, the SDL Pro Network, which I manage, or MSVR, which I founded and is now managed by Adrian…

Partial Disclosure: Was It A Cat I Saw?

Quite often in our industry, two (or five) people can look at the same problem from different angles, and see radically different things.  Rare is the situation that reads the same to everyone, forwards and backwards.  It’s all about perspective.  In my appearance on the ‘Partial Disclosure Dilemma’ Panel at SOURCEBoston this year, I found…

The Partial Disclosure Dilemma Panel at SOURCEBoston

Want to know more about the evolving vulnerability disclosure landscape?  Have a burning question or opinion about who should get to know, how much they get to know, and when they get to know, as it relates to vulnerability details?  Can’t make it to SOURCEBoston to see me and a few security industry friends “hug…