Microsoft's lessons from the desktop
C|Net | at | by Mike
Pete Boden wants people at Microsoft to think like criminals. That's why the company held its first "Blue Hat" meeting in 2005, which invited hackers onto the corporate campus for lectures and meetings intended to expose security employees to the mentality of digital intruders.
Although it has become a popular biannual event, Blue Hat can still be an unnerving experience at times as guest hackers occasionally break Microsoft products in front of the people who built them. But studying such simulated attacks--a process known as "threat modeling"--provides invaluable lessons in teaching developers how an application can be attacked and what the security controls should be.