A Look at Microsoft's Security War Room

Josh Fink writes "C|Net has an interesting piece about Microsoft's Security War Room, or rather, shall I say rooms. This room came about when Microsoft's security chief, Mike Nash, had issues finding open conference rooms. The response; a dedicated room only for him and his staff to handle emergencies. "And while he was at it, why not have two? That way, the folks working on fixing a security crisis could have a little breathing room from those drafting the public and customer communications around the issue. ""

war room?

[Jonesy69]

Is it just me or is slashdot's headlines as of late running parallel to the average idiots way of describing everything as a war?

Somewhat disconcerting, and humorous at the same time seeing as MS has a 'war room'. All while knowing of the monumental failures of current wars. E.g 'war on drugs' 'war on poverty' 'war on obesity', etc.

I guess just add 'war against standards compliancy' to the list.

Re:reality and spin rooms.

[ByOhTek]

One dedicated fix team for all that code?

That wouldn't make sense at all, there's too much for anyone to grasp. It would be like a dedicated fix team that cover Linux+KDE+OpenOffice. (replace Linux with OpenSolaris or *BSD if you like, KDE with Gnome or some other high-feature window/session/desktop manager if you like)

It's to complex to keep aware of the ins-and-outs of everything - just one of those would be hard enough. Each project should have their own dedicated fix team - The top-string regular devs for the project (hence they understand the code), maybe one or two outsiders (another perspective), who normally work on the specific project, but drop everything and work on fixes if they occur.

Also, it never said that they didn't (or for that matter, did) already have a dedicated team then (or now), simply that until '05, they had to share conference rooms.

Are those liquor bottles?

[Iphtashu Fitz]

In the cabinet containing food supplies it looks like they have the following available:

• a bag of pretzels
• a couple bottles of hersheys chocolate syrup
• one can of soda or juice
• a couple containers of nondairy creamer
• 3 bottles that look like liquor bottles

All that to feed a group of engineers that "gets hit with an emergency and has to pull an all-nighter."

Sounds like a typical geek diet to me.

Disappointed

[hcdejong]

I expected this [gonet.cz], not some crummy office with a conference table.

Re:on the door?

[Anonymous Coward]

I'm posting anonymously because of NDA implications. I used to work at a network security firm that supplied MS with a security console for detecting, investigating, and mitigating attacks on their network. (Hint, they use the same one as the Pentagon's network security war room.) This system relied upon certain defacto standards in their networking gear, but MS had purchased gear that did not support that feature, and were blocking much of their gear that did. MS's proposed solution, distribute a few hundred Linux boxes all through their network to serve as probes.

It was an unworkable idea, and we eventually worked around their problems in a different way, but it does indicate that some of the head security guys at MS may not be as opposed to Linux as you'd think. So long as they don't have to make it public, they seem happy to use OSS. Note, the servers that provide their security system run a highly customized version of either OpenBSD or Linux, depending on which version they're using.