C|Net is carrying a story this morning about the Bluehat summit we held at the Microsoft campus a few months back. Bluehat is a bit like Blackhat: we can't fly everyone to Blackhat, so why not have some of the speakers come to Redmond and speak instead? Our ID badges are blue, hence the term "Bluehat." Good job our IDs are not red :)

The first day of Bluehat was for VPs at Microsoft. I've always believed that if you *REALLY* want to make a difference, you have to have 100% buy-in from the execs; if your execs don't get why security is important, you will not make progress. This is why we're seeing such great progress at Microsoft - the execs (from BillG down) get it. Believe me, they GET IT!

The second day was for engineering folks - I attended all the sessions and was fortunate enough to be the MC during the final Q&A session with all the attendees and speakers. It was fun, candid, open and very lively.

Anyway, here's the link to the story; it's a great read: http://news.com.com/Microsoft+meets+the+hackers/2009-1002_3-5747813.html?tag=nefd.lede

One quote that caught my eye:

They are taking this subject seriously. It was really cool to see …. "At some point, there was a shift at Microsoft." – Dan Kaminsky

and this, which speaks to my comment about executive support:

"I doubt that there is another large company on this planet that has that level of technical competency in management role." – HD Moore