Microsoft Mends Security Ties

Reporter's Notebook: eWEEK's Dennis Fisher reports from Microsoft event to thank security community.

LAS VEGAS—Cats and dogs living together.

Thats the only way to describe the party that Microsoft Corp. threw here Thursday night at the close of the Black Hat Briefings. The gathering was billed as a thank-you for all of the people who have helped the software giant improve the security of its products over the years. Given that agenda, one would have reasonably expected to see a crowd of current and former Microsoft employees with a few outside experts thrown in for good measure.


But the group that showed up at the ultra-hip Ghostbar lounge at The Palms hotel was instead made up of the crème of the crop of security researchers, crypto experts and even high-level Bush administration officials. With more piercings and tattoos per capita than the population of most college campuses, the guest list was a flat-out whos who of the security world. And the fact that they all turned out for a party put on by Microsoft—a company considered by many in the room to be the root of all evil—was the most surprising twist of all.

To call Microsofts relationship with the security community strained would have been a vast understatement in years past. But, the combination of the companys massive internal effort to improve the security of its software and the outreach and communications work done by the Microsoft Security Response Center has apparently thawed relations between the two sides considerably.

Many of the researchers on hand for the party said they couldnt have imagined showing up at a Microsoft event as little as 12 months ago. In fact, one guest said that he figured gathering this group of people together in one room would have triggered the apocalypse.

For evidence that the era of good feelings truly has dawned, you need look no further than the names on the invitation-only manifest for the party: Marc Maiffret and most of the research and engineering team from eEye Digital Security Inc.; David Litchfield—pere et fils—of Next Generation Security Software Ltd.; Thor Larholm, of PivX Solutions LLC; Chris Wysopal, of @stake Inc.; Marcus Sachs from the Cyber Security Division of the Department of Homeland Security; Phil Zimmermann, creator of Pretty Good Privacy; and even Kevin Mitnick, late of the federal prison system.