Microsoft Vulnerability Research: How to be a finder as a vendor - Jeremy Brown & David Seidman Notacon 11 (Hacking Illustrated Series InfoSec Tutorial Videos)

You may think of Microsoft as a company that fixes vulnerabilities, but we frequently find security issues in other vendors’ products as well. Microsoft Vulnerability Research (MSVR) was created to help ensure that our company demonstrates the same behavior, in the role of a finder, that we’d like to see from other companies and researchers from all over the world. We make sure that our reports are complete and accurate and communicated securely and effectively to the right place. This presentation will cover how and why MSVR was created, an in-depth look at our operations and what we’ve learned so far with this program. We’ll also discuss how your company can have a centralized program to do the same. We’ll finish things off with a run-through of an example vulnerability that one of our finders discovered, reported through MSVR, and what it was like working to get it fixed with an advisory we released thereafter.
Jeremy Brown:

Jeremy Brown is a developer / security researcher at Microsoft. He started off there with the Malware Protection Center, reversing patches, analyzing malware and exploits in the wild, before then moving on to Windows Security to make the next version of Windows even more secure than the last. His interests include things like kernel security, static code and binary analysis, fuzzing, vulnerability coordination and disclosure as well as bug hunting techniques.

David Seidman:
David Seidman is a Senior Security Program Manager Lead on the Microsoft Security Response Center team, where he manages Microsoft’s response to normal and high-priority security incidents such as active attacks using an unpatched vulnerability. Prior to working at the MSRC, David managed development of Microsoft Office security updates and service packs. He holds a Bachelor’s degree in Computer Science and a Master’s in Cognitive and Neural Systems from Boston University. When not putting out fires on the internet, David enjoys triathlon, mountain climbing, Brazilian jiu jitsu and brewing his own beer.

Copyright 2020, IronGeek