Re: The lack of hard questions

[security curmudgeon <jericho () attrition org>]

: Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your 
: World *Mike Reavey, Steve Adegbite, Katie Moussouris* 
: https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf
: 
: Obviously my favorite part is the slide with CANVAS. :> But I think it's 
: interesting that Microsoft is doing this stuff and I don't think people 
: have asked them the hard questions about it yet.  Also, those are quite 
: cool caricatures .

Their "hard questions" in the slides were far from hard. I think you had 
left the room, but I went to the mic and asked them ~ 10 hard(er) 
questions. They answered a few, 'no commented' one and evaded a few. These 
were questions that came to mind while they gave their presentation, and 
the general lack of serious questions and putting them on the spot 
afterwards was a huge disappointment. 

I left BlackHat feeling that one of the purposes of BH (and DC) was to 
give the audience a chance to ask real questions, not the fluff questions 
that we see more and more each year. The audience has turned from a 
skeptical crowd into a passive herd, accepting anything presented, 
regardless of accuracy or sanity.

I had to leave early on Saturday but I was told that Reavey, Adegbite 
and/or Moussouris wanted to speak with me because of the questions I 
asked. If any of you are reading this list, feel free to mail me if you 
had questions about my questions or skepticism. And no, I held back a few 
questions as they were cheap shots at the presenters/Microsoft but 
underscored the basis for some skepticism. After one comment Steve made to 
me in front of the audience, I should have let loose. Sometimes it doesn't 
pay to be a good guy. =)


- security curmudgeon


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave