[prev in list] [next in list] [prev in thread] [next in thread]
List: patchmanagement
Subject: MSRC Ecosystem Strategy Team : Community Based Defense - Redux:
From: Susan Bradley <sbradcpa () pacbell ! net>
Date: 2009-07-27 19:24:51
Message-ID: 4A6DFF03.7010809 () pacbell ! net
[Download RAW message or body]
MSRC Ecosystem Strategy Team : Community Based Defense - Redux:
http://blogs.technet.com/ecostrat/archive/2009/07/27/community-based-defense-redux.aspx
OMG it’s great to be back in Vegas again – the shows, the shopping, the
nightlife, and let’s not forget the talks at Black Hat, the old and new
friends, the excitement and the drama. I can hardly wait to see what
develops this year!
Last year at Black Hat, the Microsoft Security Response Center announced
three new programs – Microsoft Active Protections Programs (MAPP),
Microsoft Vulnerability Research (MSVR), and Microsoft Exploitability
Index. I was honestly a bit nervous about how the programs would be
received. Would the community ridicule them (and us)? Were the programs
as solid as we thought they were? Would they stand the test of time? And
most importantly, would they help advance community-based defense?
It’s a year later and I’m happy to report that the programs were not
only well received, but have proven to be effective, accurate, and
continue to deliver results. MAPP is changing the balance between
attacker and defender, MSVR is raising the security of the overall
ecosystem, and the Exploitability Index continues to provide customers
with accurate, easy to understand, and actionable guidance. Today, MSRC
published a report card – *“Building a Safer, More Trusted Internet
through Information Sharing”* – that both summarizes these results and
provides specifics around goals achieved. Read all about it here
<http://go.microsoft.com/?linkid=9674183>.
Today at Black Hat, MSRC also released a new set of tools and guidance
aimed at continuing to advance community-based defense and simplify
customers’ management of the risk environment.
First up, the *Microsoft Security Update Guide* - a one stop shop of
information on Microsoft’s Patch Tuesday, including what information we
release, best practices, and a framework to help make the complex patch
management landscape more clear. It’s available for free download here.
<http://go.microsoft.com/?linkid=9673472>
On the tooling front, the MSRC Engineering team (owners of and
contributors to the SRD blog <http://go.microsoft.com/?linkid=9674480>)
released the *Microsoft Office Visualization Tool*. Available for free
download here <http://go.microsoft.com/fwlink/?LinkId=158791>, the new
tool lowers the barrier to understanding the Office binary file format
by allowing IT professionals, security researchers, and malware
protection vendors to deconstruct .doc-, .xls- and .ppt-based targeted
attacks.
Lastly, we’re pleased to point to the latest updates from *Project
Quant* <http://www.securosis.com/projectquant>*, *a cost model program
for patch management response* *collaboratively lead by Rich Mogulll
(Securosis) and Jeff Jones (Microsoft). With the new information
released today – Project Quant Report 1.0, Model Spreadsheet 1.0, and
the Survey Report – the community is better able to improve their update
practices by addressing many of the challenges organizations face
optimizing their systems and maintaining security while striving to
keeping costs down.
Black Hat is an exciting time and I’m thrilled to showcase the impact
and continued progress of MSRC – and even more so to demonstrate how
Trustworthy Computing continues to evolve in response to the changes in
the threat landscape, and truly helps protects customers through
community-based defense and collaboration.
See you at Caesars!
Andrew
---
When posting or replying to messages on this list, please send all
emails in plain text format. HTML formatted messages will not be accepted.
PatchManagement.org is hosted by Shavlik Technologies
To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic