At the BlackHat security conference held in Las Vegas this week, Microsoft released its latest list of “Top 100 Security Researchers,” an annual tradition that recognizes top security researchers around the world and their contributions to making Microsoft products more secure. Last week, Microsoft posted a “Making of” explainer for how these researchers were chosen, and at Black Hat, they released the 100 names, which you can check out in a follow-up blog post.
Security research continues to be a hot issue both at big companies like Microsoft, and for independent vendors and for end users. At the Black Hat conference, Google’s Director of Engineering and head of Project Zero, the controversial Google system of “deadline driven” exposure of software vulnerabilities that promises to release info on software problems 90 days after vendors have been notified, spoke at the opening keynote and noted that companies (Microsoft apparently included) have made significant changes in the way they handle these vulnerabilities based on the 90 day disclosure project. In the keynote, Parisa Tabriz noted that 98% of these vulnerabilities are now fixed within the 90 day period, up from only 25% before Project Zero was begun in 2014.
BlackHat seems to be both highlighting the work being done across the industry on security, and also bringing more attention to the problems being faced, and companies large and small seem to be taking security much more seriously. Tabriz’s call to examine root causes and for collaborative work across the industry to solve security problems, like Brad Smith’s call for a “Geneva Convention” on security, and the popularity of events like BlackHat, show that even as security problems become more complex, the industry is taking bold steps to combat them.