<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.msdn.com/utility/FeedStylesheets/atom.xsl" media="screen"?><feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en-US"><title type="html">Security, Equality, Fraternity</title><subtitle type="html">Roguery abounds!</subtitle><id>http://blogs.msdn.com/b/katie_moussouris/atom.aspx</id><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/" /><link rel="self" type="application/atom+xml" href="http://blogs.msdn.com/b/katie_moussouris/atom.aspx" /><generator uri="http://telligent.com" version="5.6.50428.7875">Telligent Evolution Platform Developer Build (Build: 5.6.50428.7875)</generator><updated>2009-03-09T12:46:00Z</updated><entry><title>BruCON Keynote – It has Not Escaped Our Notice</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2012/10/02/brucon-keynote-it-has-not-escaped-our-notice.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2012/10/02/brucon-keynote-it-has-not-escaped-our-notice.aspx</id><published>2012-10-02T19:48:00Z</published><updated>2012-10-02T19:48:00Z</updated><content type="html">Last week, I returned from maternity leave to fly to the land of beer and chocolate (Belgium), as the invited opening keynote speaker for BruCON 2012. Keynote speeches I have enjoyed hearing in the past tell stories, and are ideally only deliverable by the exact person giving the speech &amp;ndash; which is to say, the stories are personal. Below is the text of my speech in its entirety. I hope you enjoy my stories as input to the just-in-time rendering of your own story. 
 September 26, 2012 &amp;ndash;...(&lt;a href="http://blogs.msdn.com/b/katie_moussouris/archive/2012/10/02/brucon-keynote-it-has-not-escaped-our-notice.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=10355256" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author></entry><entry><title>Relishing Opportunities: Have I Mustard the Courage to Ketchup to Steve Lipner?</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2010/09/17/relishing-opportunities-have-i-mustard-the-courage-to-ketchup-to-steve-lipner.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2010/09/17/relishing-opportunities-have-i-mustard-the-courage-to-ketchup-to-steve-lipner.aspx</id><published>2010-09-17T22:11:00Z</published><updated>2010-09-17T22:11:00Z</updated><content type="html">Yesterday, Steve Lipner was inducted into the ISSA Hall of Fame. A couple of us who know him and have worked with him are talking about Steve&amp;rsquo;s impact in our endeavors, sharing professional or personal stories. My story about Steve is a little of both. 
 Steve Lipner and I are security opposites in a lot of ways. Steve Lipner came from the DoD; I came from 2600 meetings, and later, @stake. Steve Lipner built A-1 systems to be provably secure; I spent several years as an application penetration...(&lt;a href="http://blogs.msdn.com/b/katie_moussouris/archive/2010/09/17/relishing-opportunities-have-i-mustard-the-courage-to-ketchup-to-steve-lipner.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=10064262" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author></entry><entry><title>Listening on All Ports</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2010/07/22/listening-on-all-ports.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2010/07/22/listening-on-all-ports.aspx</id><published>2010-07-22T19:25:00Z</published><updated>2010-07-22T19:25:00Z</updated><content type="html">By now, you may have seen that Microsoft has changed the name of the vulnerability reporting process we follow from "Responsible Disclosure" to "Coordinated Vulnerability Disclosure". 
 First, I'd like to thank each and every one of the reviewers, especially those who were willing to be thanked and acknowledged for providing their feedback. There is a range of opinions of the folks on that list, and I expect many of them will share more of their thoughts in the coming days and weeks. For those...(&lt;a href="http://blogs.msdn.com/b/katie_moussouris/archive/2010/07/22/listening-on-all-ports.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=10041547" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author><category term="disclosure" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/disclosure/" /><category term="ISO" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/ISO/" /><category term="Responsible Disclosure" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/Responsible+Disclosure/" /><category term="Coordinated Vulnerability Disclosure" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/Coordinated+Vulnerability+Disclosure/" /></entry><entry><title>Ada Lovelace Day 2010</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2010/03/24/ada-lovelace-day-2010.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2010/03/24/ada-lovelace-day-2010.aspx</id><published>2010-03-25T01:32:00Z</published><updated>2010-03-25T01:32:00Z</updated><content type="html">March 24 is Ada Lovelace Day, an international day of blogging to celebrate the achievements of women in technology and science. Over 2000 bloggers have been posting their stories of women who inspire them today. I know too many inspiring women to choose from, which is a great problem to have. I made the only choice that makes sense to me, my mom. 
 She's an embryologist, with enough babies named after her that her skills are highly sought-after by many fertility centers. Her meticulousness and...(&lt;a href="http://blogs.msdn.com/b/katie_moussouris/archive/2010/03/24/ada-lovelace-day-2010.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9984769" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author></entry><entry><title>ISO What You Did Last Summer</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2009/11/15/iso-what-you-did-last-summer.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2009/11/15/iso-what-you-did-last-summer.aspx</id><published>2009-11-16T04:36:00Z</published><updated>2009-11-16T04:36:00Z</updated><content type="html">What was meant as a fun little blog post over the weekend about the human element and excitement at ISO meetings spawned quite a reaction among the researcher crowd. I’d like to set a few things straight before Monday morning rolls around and even more people get the wrong idea and get upset when they could be coding or doing something else productive. 
 Myth: The ISO draft on Responsible Vulnerability Disclosure is some sort of plot by vendors to tell researchers what to do. 
 Fact: The ISO draft...(&lt;a href="http://blogs.msdn.com/b/katie_moussouris/archive/2009/11/15/iso-what-you-did-last-summer.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9922809" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author></entry><entry><title>Behind the ISO Curtain</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2009/11/14/behind-the-iso-curtain.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2009/11/14/behind-the-iso-curtain.aspx</id><published>2009-11-14T17:55:00Z</published><updated>2009-11-14T17:55:00Z</updated><content type="html">When people ask me what I do at Microsoft, in the style of one of “the Bobs” in Office Space posing the question “What would you say ya do here?”, I point them to things like the SDL, the SDL Pro Network, which I manage, or MSVR, which I founded and is now managed by Adrian Stone over in MSRC. Someday, in the next 2-3 years, I’ll also be able to point to an ISO standard. Never in my 9 lives would I have expected to say that at all, let alone with such passion and enthusiasm. 
 To my friends...(&lt;a href="http://blogs.msdn.com/b/katie_moussouris/archive/2009/11/14/behind-the-iso-curtain.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9922501" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author><category term="disclosure" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/disclosure/" /><category term="ISO" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/ISO/" /><category term="Responsible Disclosure" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/Responsible+Disclosure/" /></entry><entry><title>Partial Disclosure: Was It A Cat I Saw?</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2009/03/23/partial-disclosure-was-it-a-cat-i-saw.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2009/03/23/partial-disclosure-was-it-a-cat-i-saw.aspx</id><published>2009-03-23T21:28:00Z</published><updated>2009-03-23T21:28:00Z</updated><content type="html">Quite often in our industry, two (or five) people can look at the same problem from different angles, and see radically different things. Rare is the situation that reads the same to everyone, forwards and backwards. It’s all about perspective. 
 In my appearance on the ‘Partial Disclosure Dilemma’ Panel at SOURCEBoston this year, I found myself surrounded by great minds who most certainly do not think alike. While there was some agreement and common ground between all parties on the dais, namely...(&lt;a href="http://blogs.msdn.com/b/katie_moussouris/archive/2009/03/23/partial-disclosure-was-it-a-cat-i-saw.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9502133" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author><category term="disclosure" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/disclosure/" /><category term="SOURCE" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/SOURCE/" /><category term="vulnerability research" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/vulnerability+research/" /></entry><entry><title>The Partial Disclosure Dilemma Panel at SOURCEBoston</title><link rel="alternate" type="text/html" href="http://blogs.msdn.com/b/katie_moussouris/archive/2009/03/09/the-partial-disclosure-dilemma-panel-at-sourceboston.aspx" /><id>http://blogs.msdn.com/b/katie_moussouris/archive/2009/03/09/the-partial-disclosure-dilemma-panel-at-sourceboston.aspx</id><published>2009-03-09T22:46:00Z</published><updated>2009-03-09T22:46:00Z</updated><content type="html">&lt;P&gt;Want to know more about the evolving vulnerability disclosure landscape?&amp;nbsp; Have a burning question or opinion about who should get to know, how much they get to know, and when they get to know, as it relates to vulnerability details?&amp;nbsp; Can't make it to &lt;A title=SOURCE href="http://www.sourceboston.com/" mce_href="http://www.sourceboston.com"&gt;SOURCEBoston&lt;/A&gt; to see me and a few security industry friends "hug it out"&amp;nbsp;during the Partial Disclosure Dilemma &lt;A title="Thursday 1:30 PM - 3:45 PM" 
href="http://www.sourceconference.com/index.php/source-boston-2009/boston-2009-sessions" mce_href="http://www.sourceconference.com/index.php/source-boston-2009/boston-2009-sessions"&gt;Panel&lt;/A&gt;&amp;nbsp;(Thursday 1:30 PM - 3:45 PM)?&amp;nbsp; &lt;/P&gt;
&lt;P&gt;Come back here in a week or so to read my redux on the discussion that is sure to be lively.&amp;nbsp; My fellow panelists include Dan Kaminsky (&lt;A title=IOA href="http://ioactive.com/" mce_href="http://ioactive.com/"&gt;IOActive&lt;/A&gt;), Ivan Arce (&lt;A title=Core href="http://www.coresecurity.com/" mce_href="http://www.coresecurity.com/"&gt;CORE Security&lt;/A&gt;), Dino Dai Zovi (recently published&amp;nbsp;co-author of &lt;A title="Mac Hax0r's Handbook" href="http://www.amazon.com/Mac-Hackers-Handbook-Charles-Miller/dp/0470395362/ref=pd_bbs_sr_1?ie=UTF8&amp;amp;s=books&amp;amp;qid=1236628724&amp;amp;sr=8-1" mce_href="http://www.amazon.com/Mac-Hackers-Handbook-Charles-Miller/dp/0470395362/ref=pd_bbs_sr_1?ie=UTF8&amp;amp;s=books&amp;amp;qid=1236628724&amp;amp;sr=8-1"&gt;The Mac Hacker's Handbook&lt;/A&gt;), and Alex Sotirov (&lt;A href="http://phreedom.org/" mce_href="http://phreedom.org/"&gt;Independent security researcher&lt;/A&gt;), moderated by Ryan Naraine (&lt;A title=Naraine href="http://blogs.zdnet.com/bio.php?id=naraine" mce_href="http://blogs.zdnet.com/bio.php?id=naraine"&gt;Kaspersky/ZDNet&lt;/A&gt;).&amp;nbsp; &lt;/P&gt;
&lt;P&gt;Over two hours on the stage -- should be long enough to get a real dialogue going.&amp;nbsp; ;-)&lt;/P&gt;
&lt;P&gt;-Katie Moussouris, Senior Security Strategist&lt;/P&gt;
&lt;P&gt;Follow me on Twitter: &lt;A href="http://twitter.com/k8em0"&gt;http://twitter.com/k8em0&lt;/A&gt;&lt;/P&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9468139" width="1" height="1"&gt;</content><author><name>k8em0</name><uri>http://blogs.msdn.com/k8em0/ProfileUrlRedirect.ashx</uri></author><category term="disclosure" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/disclosure/" /><category term="SOURCE" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/SOURCE/" /><category term="vulnerability research" scheme="http://blogs.msdn.com/b/katie_moussouris/archive/tags/vulnerability+research/" /></entry></feed>