TechEd 2005 - SEC305

Sorry for the delay in getting this posted. The first time I tried this was late Monday night and someone (or something) was flooding the network in my hotel (I'd hate to think an IT persons machine got comprimised and it was the victim of a network DOS).

Anyway, I posted this once but like I said, the network puked on me and it didn't save. So, now that I've found a reliable connection (the CommNet here is great), I'll get you all updated.

Stephen Toulouse gave a great presentation on the MSRC (Micosoft Security Response Center). He went over the security bulletin/patch release process. There are two tracks the start and work in tangent of each other. I don't have the time to make a nice side by side so I'll just list them.

- Vulnerability Reporting
- Triaging
- Managing Finder Relationship
- Content Creation
- Release

- Create the Fix
- Testing
- Update Dev Tools & Practices

One case study they shared with us was in regard to the MSN Messenger vulnerability. As they worked through the process, they made a decision to force the patch out to users as they connected. By that I mean, they weren't allowed to connect until they had downloaded and installed the new version.

It was a very good session (and some of us had a really good session with some of the MSRC folks in a focus group - watch for some good changes to the bulletins).