Presentation: "Software security and incident response"
Dealing with software security is a complex endeavor. From the technical perspective, one must first determine the exact root cause of the security issue and then follow up with additional verification tests; from a management perspective, you have to figure out how many resources to allocate to the investigation process and decide on a timeline for when to release it. These are just some of the simple steps. In practice, it is usually more complicated than that. In this talk, I will share the processes and experiences at Microsoft for software security incident response. Of course, you will hear behind-the-scenes stories involving some of the more well-known incidents of the last few years. There will be many engineering stories.