Join the Microsoft Security Response Center (MSRC) for our Researcher Celebration at Black Hat Europe on Wednesday, December 10, from 4:30–9:00 PM. This event honors the contributions of the global security research community. Connect with peers, celebrate achievements, and enjoy networking with researchers from around the world. Apply to attend now: microsoft.eventsair.com/msrc… #BHEU

Kicking off #ZeroDayQuest with the ladies of @msftsecresponse

As part of our Secure Future Initiative and to further the security of our customers, ourselves, and the world, today we are introducing the most transparent security research event in history: The Zero Day Quest. This new hacking event will be the largest of its kind, with an additional $4 million in potential awards for research into high-impact areas, specifically cloud and AI. Starting today, the quest kicks off with a research challenge where vulnerability submissions in targeted scenarios are eligible for multiplied bounty awards. Submissions can also qualify researchers for a spot in the onsite hacking event in Redmond, WA, in 2025. Learn more in our blog post:  msrc.microsoft.com/blog/2024… #ZeroDayQuest

Today at the Microsoft STRIKE event: “STRIKE Live: Practical AI Safety and Security,” Eric Douglas, CVP, Security Research, Microsoft, gave the opening remarks, and Yonatan Zunger, CVP, AI Safety and Security, Microsoft, delivered the keynote to a large group of Microsoft engineers. They emphasized that safety must become as fundamental to our work as breathing. So, what are the basic principles of safety engineering? 1. Know the ways your system might fail as intimately as the ways your system should work: • Brainstorm failure scenarios and keep that list as fresh as your success scenarios. • What you don’t know can hurt you – so use many eyes and plan for surprises. 2. For each scenario, have a plan: • Eliminate it. • Reduce its severity or frequency. • Give users a way to solve it themselves. • Have a response plan for when things go wrong. How do you do that brainstorming? Eric and Yonatan recommend a three-pronged approach: • System-first: What are the components? What happens if each one fails? What if it gets bad input? And the components include the users! • Actor-first: What might someone want to achieve using this software? Under what circumstances are they using it? • Target-first: Who might be affected by someone using this software? What might make them more or less vulnerable? How would they be able to respond?

We hosted a pre-BlueHat India welcome reception this evening, providing an opportunity for our speakers, MSRC MVRs, and Microsoft team members to connect. We are thankful to our speakers and MVRs for their role in making #BlueHatIndia a success.