Scott Culp, the man responsible for Microsoft Corp.s security response efforts, has left his post and moved to a new position within the companys Security Strategy Group.
As manager of the Microsoft Security Response Center, Culp has been the public face of the software giants efforts to respond to security problems in its products and improve its image within the security community. During his five years in the MSRC, Culp played a large role in the development of Microsofts procedure for handling vulnerabilities, dealing with security researchers and getting patches and information out to customers.
In his new role as a program manager for security strategies, Culp will be working on security projects across the companys product portfolio. Hell be working under Scott Charney, the chief security strategist at Microsoft, based in Redmond, Wash.
"Im proud to [have] played a role in building a high-quality program for responding to security issues in Microsoft products and helping our customers keep their systems secure," Culp said. "With Microsofts increased focus on improving the security of its products through our Trustworthy Computing Initiative, I now am ready to try something new and and put my security experience to use in a new role at the company."
Steve Lipner, director of security assurance, will still be responsible for the overall workings of the MSRC.
Culp was the driving force behind Microsofts current attitude toward the responsible handling of software vulnerabilities and the researchers and crackers who find them. In a widely read article he posted to Microsofts security Web site in the fall of 2001, Culp denounced what he saw as the irresponsible publication by some in the security community of vulnerability data and exploit code before vendors have a chance to release patches for the issues.