[Dailydave] The lack of hard questions

Mike Reavey mreavey at microsoft.com
Wed Aug 27 17:05:57 EDT 2008 

Hey folks - we're here, watching this thread.  Send us your questions, either directly to msrcteam at microsoft.com<mailto:msrcteam at microsoft.com> or to the list.  We'll answer them here:blogs.technet.com/ecostrat in a future post.

From: dailydave-bounces at lists.immunitysec.com [mailto:dailydave-bounces at lists.immunitysec.com] On Behalf Of Dave Aitel
Sent: Tuesday, August 26, 2008 2:02 PM
To: security curmudgeon
Cc: dailydave
Subject: Re: [Dailydave] The lack of hard questions

I didn't get to see the talk, so I'm not sure what questions you asked and what the answers were. Of course, you can feel free to ask them here. Peer review isn't a static thing.

-dave

On Tue, Aug 26, 2008 at 4:48 PM, security curmudgeon <jericho at attrition.org<mailto:jericho at attrition.org>> wrote:

: Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your
: World *Mike Reavey, Steve Adegbite, Katie Moussouris*
: https://www.blackhat.com/presentations/bh-usa-08/Reavey/MSRC.pdf
:
: Obviously my favorite part is the slide with CANVAS. :> But I think it's
: interesting that Microsoft is doing this stuff and I don't think people
: have asked them the hard questions about it yet.  Also, those are quite
: cool caricatures .
Their "hard questions" in the slides were far from hard. I think you had
left the room, but I went to the mic and asked them ~ 10 hard(er)
questions. They answered a few, 'no commented' one and evaded a few. These
were questions that came to mind while they gave their presentation, and
the general lack of serious questions and putting them on the spot
afterwards was a huge disappointment.

I left BlackHat feeling that one of the purposes of BH (and DC) was to
give the audience a chance to ask real questions, not the fluff questions
that we see more and more each year. The audience has turned from a
skeptical crowd into a passive herd, accepting anything presented,
regardless of accuracy or sanity.

I had to leave early on Saturday but I was told that Reavey, Adegbite
and/or Moussouris wanted to speak with me because of the questions I
asked. If any of you are reading this list, feel free to mail me if you
had questions about my questions or skepticism. And no, I held back a few
questions as they were cheap shots at the presenters/Microsoft but
underscored the basis for some skepticism. After one comment Steve made to
me in front of the audience, I should have let loose. Sometimes it doesn't
pay to be a good guy. =)


- security curmudgeon


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20080827/e8746f20/attachment.htm

More information about the Dailydave mailing list