Posted by Ina Fried
December 3, 2007
REDMOND, Wash. -- Tired of having to fight for a free conference room,
Microsoft's security chief, Mike Nash, decided in early 2005 that the
company needed a dedicated "war room" where his team could handle
And while he was at it, why not have two? That way, the folks working on
fixing a security crisis could have a little breathing room from those
drafting the public and customer communications around the issue.
"They were tired of the communications people hearing of things that
were half-baked," Nash said.
The Microsoft Security Response Center (MSRC) was completed in June
2005. The engineering conference room includes four flat-panel screens
that can display live TV or a computer screen as well as a couple dozen
chairs, though the place is often standing-room-only in a real crisis.
The war room is just one of a number of changes Microsoft has made over
the years, usually the result of a lesson learned the hard way through
some work or other outbreak. In part one of a three-part series starting
Monday, I take a look back at those painful lessons and how they have
shaped Microsoft's current practices. On Tuesday, I'll look at the role
of the human element in trying to keep software secure. And on
Wednesday, I'll look at some of the people Microsoft counts on to keep
its products safe. Each day there will be a blog too, going into more
depth on one issue raised by that day's story.
While most of the room's accoutrements are practical--food, a world map,
and clocks showing the time around the world, there is also a photo of
actor Harvey Keitel. That's courtesy of Christopher Budd, who used to
work as part of the security response effort.
"Back in 2001, I joked about how working to protect customers in the
MSRC was a lot like being Harvey Keitel's character, "The Wolf," in Pulp
Fiction," said Budd, who now works on Microsoft's privacy team. "Just
like his character, I said, you're doing a hard job, and doing it right
means you have to remain calm in a crisis and help others stay calm.
When you do that, you help everyone stay focused on solving the
To me, "The Wolf" seems like an odd choice for a company that is looking
to be more transparent. Wasn't his role in the movie to help clean up
after a murder so that the rest of the world would not know what had
Visit InfoSec News