Adam Shostack Joins Microsoft

If hell hasn’t frozen over, then at least the temperature must have dropped a little on the news that cyber-security guru Adam Shostack is joining Microsoft.

Most of the people in the circles he and I overlap in tend to speak derisively of Microsoft, but the reasons Shostack gives for signing on make Microsoft look pretty good:

Over the last few years, I’ve watched Microsoft embrace security. I’ve watched them make very large investments in security, including hiring my friends and colleagues. And really, I’ve watched them produce results.

In making this decision, I’ve had conversations with many people and organizations. The one theme that stands out was the difference in the conversations I had with Microsoft versus other software producers. Some of the things that Microsoft does and is looking to improve haven’t even made it in rudimentary form anywhere else. I found myself having to shift gears and explain Microsoft’s Security Development Lifecycle. I noticed no one else with a Blue Hat conference. No one else stopping feature development to hunt for bugs. I (re-)discovered how few organizations have even basic formal security processes in place, and how few of those have audit to make sure that their processes are followed.

I realized just how many smart people are thinking about these questions at Microsoft, and I’m glad to be joining them.

I just hope it won’t affect his blogging too much.

This entry was posted in Cryptography.

3 Responses to Adam Shostack Joins Microsoft

  1. Brett Bellmore says:

    The key test for me will be whether they’ve finally figured out that if you leave back doors in the product for your own use, other people will end up using them, too.

    If they have indeed “gotten” security, that will be a big change from when I bought XP-Pro, and found on installing it that all the nifty security features I’d bought it for defaulted to “off”.

  2. michael says:

    I’m more afraid of the reverse: lots of new nifty security features “on”…that make the machine unusable or nag you ALL the time. So you turn them off. And then it’s your own damn fault, they say…

  3. Ned Ulbricht says:
    In computer security, it’s about trade-offs. There is no such thing as perfect security, because security is about breaking things–stopping functionality from functioning–and perfect security would mean perfectly broken. Instead, you need to take a risk management approach.

    The threat model and risk exposure for a generic enterprise isn’t the same as the threat model and risk exposure for a generic law professor. Your average big corporation needs to manage risk more aggressively than you do. So the upshot is that some Microsoft customers need security features turned on that you want turned off. That is, they need stuff broken that you’d rather have working. Different customers have different needs.

    Now, I’m not a big fan of Microsoft’s security attitude. There’s plenty of stuff to fault them for. But they don’t deserve to be attacked just on the basis that their software allows their customers to manage risk.

    (If you’re just looking to take a cheap shot, though, then nail ’em on the basis that they have so many fiddly little complexities that it’s practically impossible to manage that platform. That’s a valid criticism because security trades off against complexity.)