Microsoft Vista: NDA-less The Good, The Bad, and The Ugly

Black Hat USA 2011

Presented by: Kristin Paget
Date: Thursday August 04, 2011
Time: 10:00 - 11:00
Location: Florentine
Track: Building 127.0.0.1

Five years ago I signed one of the most draconian Non-Disclosure Agreements in the computer world to get access to the source code, design specifications, threat models, developers and managers of Windows Vista for its Final Security Review. This NDA expires the day before Black Hat, meaning that I am free to talk about all of the secrets I was given during the 9 months I spent at Redmond.

In addition to a critical analysis of the entire SDL process, this talk will reveal all manner of previously-secret information about the security process that Vista went through, the reality of running an infosec program on a behemoth like Vista, and the internal workings of the Secure Windows Initiative. Expect brutal honesty, some real shock-and-awe moments, and a few unexpected twists that you probably won't see coming.

Kristin Paget

Chris Paget is Chief Hacker for Recursion Ventures, and one of the foremost information security experts in the world. Prior to Recursion, Chris was Technical Lead, Global Information Security Research and Testing Team for eBay, where he was responsible for understanding and preventing scams, fraud, malware, hacking, and other security issues across all related company properties. Chris came to eBay from IOActive, where he was Director of R&D and responsible to senior management for all departmental activities.

