Microsoft? Are you sure?

UPDATE: Looks like they keep stock-piling Security talent over there at Blue. This time Mike Andrews announces he will be joining the Bing team.

A few years ago I never would have imagined writing this, but it has become very apparent that Microsoft is a serious security company. Sure they have many issues to deal with, but doesn’t any company of this size?

There has been a recent piling of evidence that security is being taken very seriously in Redmond. Some of these examples include:

• They started holding the Bluehat Sessions, gathering various security experts (includes the likes of Dan Kaminsky and Robert Hansen->”RSnake” within multiple domains and having them work with and present in internal learning sessions.
• They formed their ACE team responsible for performance, security and privacy across Microsoft.
• They have published some of the first and only books and software on threat modeling.
• Microsoft published a security wiki, now in beta.
• Of course, everyone is aware of their Trustworthy Computing initiative.
• Believe it or not, an anti-XSS library from MS.

And now this. Mark Curphey is joining the Microsoft ACE team and bringing his product idea with him! This is a great hire for Microsoft and I am very much looking forward to the development of the Oxygen Security platform originally conceived by Mark at SourceClear. I have a great deal of respect for him and have had the opportunity to discuss with him his ideas around the product. For those who don’t know him, he has a great security background that includes the founding of OWASP and leadership positions at Foundstone and ISS.

Congratulations to Mark and Microsoft. Now get busy building Oxygen.