The Trustworthy Computing blog covers Microsoft’s perspective on security, privacy, online safety, and reliability, especially as they relate to the cloud.
For readers who want additional information on those topics, check out our other TwC Blogs, which provide insights from Microsoft experts, plus information on mitigation tools, secure development, security updates, online safety, and more. Read more >>
Fighting security threats is a never-ending job. And Microsoft can’t do it alone.
One of our most successful partnership efforts is the Microsoft Active Protections Program (MAPP), through which we share threat information with security vendors ahead of our regular monthly security updates.
Recently, the Microsoft Security Response Center (MSRC) announced that MAPP would be expanded, adding more partners and giving our top collaborators even more time to create more comprehensive, higher-quality protections.
It’s been an exciting week here at Black Hat in Las Vegas with security researchers presenting on the latest trends and issues impacting networks and systems. Last night Microsoft recognized the BlueHat Prize winners at our Researcher Appreciation Party. I’m pleased to share we have already incorporated one of these winning technologies into our Enhanced Mitigation Experience Toolkit (EMET) 3.5 technology preview. It’s great to see an initiative to collaborate and share innovations a year ago evolve into prototypes with one now available this quickly as a new freely available computer security tool. Even in an enterprise that is fully updated against known vulnerabilities, EMET provides defenses that protect assets from the yet unknown threats. EMET can easily be used on home machines to protect against known, and unknown, vulnerabilities. The new Technology Preview of EMET was made available July 25.
A year ago this week we extended a challenge to the security community: a challenge to be unconventional; a challenge to look beyond the norm. Rather than reward a continued focus on finding individual problems (which we all know will exist; it’s the nature of the software industry), we wanted to inspire new lines of research and incent a focus on innovative solutions that can mitigate entire classes of attacks.
We created the BlueHat Prize — a program aimed at nurturing innovation in exploit mitigations intended to address serious computer security threats. Interest by the security community was overwhelmingly positive. This was something new and different, which the industry needs to help solve hard security problems. We received 20 qualified submissions, all with unique and interesting approaches to solving challenging security issues. Proposals came from around the world and spanned the entire industry from the research community to academia. The finalists all chose to create mitigations that prevent Return Oriented Programming (ROP) exploits from succeeding. This is an area where we’re seeing a lot of attacks lately, so it’s encouraging to see a collective focus here.