GOTO is a vendor-independent international software development conference with more than 90 top speakers and 1300 attendees. The conference covers topics such as .Net, Java, Open Source, Agile, Architecture and Design, Web, Cloud, New Languages and Processes.
Bruce Dang, Lead Network Security Analyst at Microsoft
Biography: Bruce Dang
Bruce Dang is a security engineer at the Microsoft Security Response Center. His daily job is to understand software vulnerabilities and protect customers. He works in the engineering team supporting the Microsoft Active Protection Program: http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.
Presentation: Software security and incident response
Dealing with software security is a complex endeavor. From the technical perspective, one must first determine the exact root cause of the security issue and follow up with additional verification tests; from a management perspective, you have to figure out how many resources to allocate to the investigation process and decide on a timeline for when to release it. These are just some of the simple steps. In practice, it is usually more complicated than that. In this talk, I will share the processes and experiences at Microsoft for software security incident response. Of course, you will hear behind-the-scenes stories involving some of the more well-known incidents in the last few years. There will be many engineering stories.