
List:       patchmanagement
Subject:    MSRC Ecosystem Strategy Team : Community Based Defense - Redux:
From:       Susan Bradley <sbradcpa () pacbell ! net>
Date:       2009-07-27 19:24:51
Message-ID: 4A6DFF03.7010809 () pacbell ! net

MSRC Ecosystem Strategy Team : Community Based Defense - Redux:
http://blogs.technet.com/ecostrat/archive/2009/07/27/community-based-defense-redux.aspx

OMG it’s great to be back in Vegas again – the shows, the shopping, the 
nightlife, and let’s not forget the talks at Black Hat, the old and new 
friends, the excitement and the drama. I can hardly wait to see what 
develops this year!

Last year at Black Hat, the Microsoft Security Response Center announced 
three new programs – Microsoft Active Protections Programs (MAPP), 
Microsoft Vulnerability Research (MSVR), and Microsoft Exploitability 
Index. I was honestly a bit nervous about how the programs would be 
received. Would the community ridicule them (and us)? Were the programs 
as solid as we thought they were? Would they stand the test of time? And 
most importantly, would they help advance community-based defense?

It’s a year later and I’m happy to report that the programs were not 
only well received, but have proven to be effective, accurate, and 
continue to deliver results. MAPP is changing the balance between 
attacker and defender, MSVR is raising the security of the overall 
ecosystem, and the Exploitability Index continues to provide customers 
with accurate, easy to understand, and actionable guidance. Today, MSRC 
published a report card – *“Building a Safer, More Trusted Internet 
through Information Sharing”* – that both summarizes these results and 
provides specifics around goals achieved. Read all about it here 
<http://go.microsoft.com/?linkid=9674183>.

Today at Black Hat, MSRC also released a new set of tools and guidance 
aimed at continuing to advance community-based defense and simplify 
customers’ management of the risk environment.

First up, the *Microsoft Security Update Guide* - a one stop shop of 
information on Microsoft’s Patch Tuesday, including what information we 
release, best practices, and a framework to help make the complex patch 
management landscape more clear. It’s available for free download here. 
<http://go.microsoft.com/?linkid=9673472>

On the tooling front, the MSRC Engineering team (owners of and 
contributors to the SRD blog <http://go.microsoft.com/?linkid=9674480>) 
released the *Microsoft Office Visualization Tool*. Available for free 
download here <http://go.microsoft.com/fwlink/?LinkId=158791>, the new 
tool lowers the barrier to understanding the Office binary file format 
by allowing IT professionals, security researchers, and malware 
protection vendors to deconstruct .doc-, .xls- and .ppt-based targeted 
attacks.

Lastly, we’re pleased to point to the latest updates from *Project 
Quant* <http://www.securosis.com/projectquant>, a cost model program 
for patch management response collaboratively led by Rich Mogull 
(Securosis) and Jeff Jones (Microsoft). With the new information 
released today – Project Quant Report 1.0, Model Spreadsheet 1.0, and 
the Survey Report – the community is better able to improve their update 
practices by addressing many of the challenges organizations face 
optimizing their systems and maintaining security while striving to 
keep costs down.

Black Hat is an exciting time and I’m thrilled to showcase the impact 
and continued progress of MSRC – and even more so to demonstrate how 
Trustworthy Computing continues to evolve in response to the changes in 
the threat landscape, and truly helps protect customers through 
community-based defense and collaboration.

See you at Caesars!

Andrew



---
When posting or replying to messages on this list, please send all
emails in plain text format.  HTML formatted messages will not be accepted.

PatchManagement.org is hosted by Shavlik Technologies

To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org