GOTO is a vendor-independent international software development conference with more than 90 top speakers and 1300 attendees. The conference covers topics such as .Net, Java, Open Source, Agile, Architecture and Design, Web, Cloud, New Languages and Processes.

Bruce Dang, Lead Network Security Analyst at Microsoft


Biography: Bruce Dang

Bruce Dang is a security engineer at the Microsoft Security Response Center. His daily job is to understand software vulnerabilities and protect customers. He works in the engineering team supporting the Microsoft Active Protection Program: http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.

 

Presentation: Software security and incident response

Track: Security / Time: Monday 10:20 - 11:10 / Location: Lille Sal, BORA BORA

Dealing with software security is a complex endeavor. From the technical perspective, one must first determine the exact root cause of the security issue and follow with additional verification tests; from a management perspective, you have to figure out how many resources to allocate to the investigation process and decide a timeline on when to release it. These are just some of the simple steps. In practice, it is usually more complicated than that. In this talk, I will share the processes and experiences at Microsoft for software security incident response. Of course, you will hear behind-the-scenes stories involving some of the more well-known incidents in the last few years. There will be many engineering stories.