Microsoft hosts OEM partners for a crash-course in SDL (Day Three)
So, the final day of the SDL sessions for our OEM partners is complete...
My biggest observation was these guys were utterly engaged, and by that I mean writing copious notes and asking some very pointed and deep questions. The companies could have sent junior people to this event simply to pay lip service to security, but they did not; they sent senior security people who know what they are talking about. But they also know that any help we can give them can only be beneficial to the OEM, Microsoft and most importantly, our customers.
The day started with Mike Reavey doing an excellent job of outlining the importance of a clear, concise and predictable security response process - it's good for our customers and it's good for Microsoft! He also drove home the point that the Microsoft Security Response Center (MSRC) is an integral part of the SDL and (not surprisingly) a necessary part of a *complete* security process.
The discussion of the Privacy Guidelines for Developers was the source of a number of interesting questions - it's clear that the attendees had invested a good deal of thought on the subject. Having both Tina Knutson and Sue Glueck co-present on the subject allowed for a much richer discussion. Tina has a ton of operational privacy experience (and a ton of experience on Windows Vista privacy) and Sue's ongoing role as legal counsel was a cool and useful mix of perspectives.
We ended by having an open session on the role of procurement in ensuring security. The attendees made a lot of comments in support of driving security processes down the entire supply chain - on the other hand they were quite clear that they can't simply tell suppliers to "clean up their act" without some prescriptive guidance. Looks like we have some work to do!
This training session was a trial balloon; we have yet to look at the detailed feedback from the crowd, but verbal feedback from the attendees and "gut feel" responses from the rest of the presenters tell me that this was a great success.
Who knows, maybe our ISV partners are next...
Comments
Anonymous
November 10, 2006
Dear Michael, I attended this event, and it was one of the most exciting things I have been a part of. The SDL framework that Microsoft has developed is nothing less than amazing. No offense to the others (which were all extremely interesting), but you rocked the show, and gave the technical crew that attended a solid idea of what we have to do in order to achieve success on our end. Thanks to you, and to the rest of the Microsoft Team that made this possible for us. Chris
Anonymous
December 05, 2006
As I mentioned in a previous series of posts, we recently had all the major OEMs on campus to discuss
Anonymous
April 16, 2007
At the end of June my family and I are moving to Austin, Texas. I’ll still be doing a lot of the same