Source URL: https://www.theregister.com/2024/08/28/microsoft_closed_security_summit/
Source: The Register
Title: Microsoft hosts a security summit but no press, public allowed
Feedly Summary: CrowdStrike, other vendors, friendly govt reps…but not anyone would can tell you what happened
op-ed Microsoft will host a security summit next month with CrowdStrike and other “key" endpoint security partners joining the fun — and during which the CrowdStrike-induced outage that borked millions of Windows machines will undoubtedly be a top-line agenda item. …
AI Summary and Description: Yes
**Summary:** Microsoft is organizing a security summit with key endpoint security partners to address recent security failures, notably an incident involving CrowdStrike that affected millions of Windows machines. However, the event will not be open to the press or public, raising concerns about the level of transparency and accountability in discussing important security measures and future practices amidst ongoing criticism of Microsoft’s security performance.
**Detailed Description:**
The upcoming Windows Endpoint Security Ecosystem Summit, scheduled for September 10 at Microsoft’s headquarters in Redmond, has generated significant attention, particularly in light of recent security incidents attributed to CrowdStrike. Corporate VP Aidan Marcuss emphasized the importance of collaborative discussions on improving security and resiliency for joint customers. However, the closed-door nature of the event sparked controversy regarding transparency and accountability. Here are the major points of discussion regarding the summit and the surrounding issues:
– **Event Details:**
– Hosted by Microsoft, featuring key security partners, including CrowdStrike.
– Tackling recent security issues, particularly the CrowdStrike incident affecting Windows machines.
– **Transparency Concerns:**
– Summit will not be live-streamed and is closed to press, raising questions about transparency.
– Invitations extend to select government representatives to potentially assure a level of oversight, yet notable critics, like Senator Ron Wyden, were excluded.
– **Past Incidents:**
– The discussion will revolve around lessons learned from the July outage linked to CrowdStrike.
– Microsoft’s credibility is in question, following multiple high-profile breaches involving national threats.
– **Criticism of Microsoft:**
– The company has faced scrutiny due to its perceived lack of effective security measures and clear communication following security incidents.
– Recent Congressional testimonies highlighted repeated security failings and insufficient responses to cyber threats from hostile nations.
– **Call for Genuine Accountability:**
– Previous initiatives by Microsoft, such as the Secure Future Initiative, have aimed to enhance their security posture. However, skepticism remains regarding their commitment to authentic transparency and compliance with cybersecurity regulations.
– The community advocates for more openness in addressing security failures, emphasizing the need for genuine dialogue over public relations efforts.
This summit reflects critical industry dynamics in cybersecurity, relevant to professionals who are navigating compliance, security practices, and partnership models within the evolving landscape of technology. It underscores the balancing act organizations must maintain between maintaining security resilience and being transparent about their processes and failures.