Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsoft Security Guru Leaves Post

    By
    Dennis Fisher
    -
    December 23, 2002
    Share
    Facebook
    Twitter
    Linkedin

      Scott Culp, the man responsible for Microsoft Corp.s security response efforts, has left his post and moved to a new position within the companys Security Strategy Group.

      As manager of the Microsoft Security Response Center, Culp has been the public face of the software giants efforts to respond to security problems in its products and improve its image within the security community. During his five years in the MSRC, Culp played a large role in the development of Microsofts procedure for handling vulnerabilities, dealing with security researchers and getting patches and information out to customers.

      In his new role as a program manager for security strategies, Culp will be working on security projects across the companys product portfolio. Hell be working under Scott Charney, the chief security strategist at Microsoft, based in Redmond, Wash.

      “Im proud to [have] played a role in building a high-quality program for responding to security issues in Microsoft products and helping our customers keep their systems secure,” Culp said. “With Microsofts increased focus on improving the security of its products through our Trustworthy Computing Initiative, I now am ready to try something new and and put my security experience to use in a new role at the company.”

      Steve Lipner, director of security assurance, will still be responsible for the overall workings of the MSRC.

      Culp was the driving force behind Microsofts current attitude toward the responsible handling of software vulnerabilities and the researchers and crackers who find them. In a widely read article he posted to Microsofts security Web site in the fall of 2001, Culp denounced what he saw as the irresponsible publication by some in the security community of vulnerability data and exploit code before vendors have a chance to release patches for the issues.

      Page Two

      : Microsoft Security Guru Leaves Post”>

      “Its high time the security community stopped providing blueprints for building these [worms and viruses]. And its high time computer users insisted that the security community live up to its obligation to protect them,” Culp wrote in the article. “We can and should discuss security vulnerabilities, but we should be smart, prudent, and responsible in the way we do it. If we cant eliminate all security vulnerabilities, then it becomes all the more critical that we handle them carefully and responsibly when theyre found. Yet much of the security community handles them in a way that fairly guarantees their use, by following a practice thats best described as information anarchy. This is the practice of deliberately publishing explicit, step-by-step instructions for exploiting security vulnerabilities, without regard for how the information may be used.”

      The paper drew strong reactions from people on both sides of the debate, with some researchers dismissing it as self-serving rhetoric designed to scare people away from looking for flaws in Microsoft products. Still, many in the security community say Culp make the most of a difficult, often thankless job.

      “Probably the most sensible thing Microsoft has done recently on the security front is to convince Scott Culp to move over to the relatively new group known as the Trustworthy Computing Initiative. Scott has a rare combination of skills for the security world; hes not a programmer, and he is able to speak to people without making them hate him,” said Russ Cooper, surgeon general of TruSecure Corp., in Herndon, Va., and moderator of the NTBugTraq mailing list, who has often been at odds with Culp on security issues. “Combined, Scott has been very effective at gaining consensus within Microsoft on how to better handle security issues when they arise, and over the past four years has been very influential in effecting changes to the mindsets of product managers—making them appreciate the value of doing this correctly. In his new position Scott will, hopefully, have more time and status to effect further changes. Now if we can only get him to go after those folks in Windows Update more fervently.”

      Avatar
      Dennis Fisher

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×