Aug 8, 2011 8:57:06 PM

Chris Paget Reveals Security Flaws At This Year's Black Hat Conference

Upon the expiration of her five year non-disclosure, Chris Paget revealed that she was hired by Microsoft to bang on Windows Vista prior to its launch. The move was unusual for Microsoft who had never done it before, said Paget. "There were process and tool improvements. This was the first time that Microsoft brought in an outside team. They expected us to come in and find nothing. This was the final check."

Her company, security company Recursion Ventures, "...looked at code kernel and the user space but was told not to look at legacy code. Microsoft didn't add legacy code vetting until Windows 7" Paget said. She said that her team was so good at finding critical flaws in Vista code that Vista was actually delayed because of one critical bug she found. But despite the security problems that Paget discovered in Vista, she also had high praise for Microsoft. She discussed Microsoft's bug track system and how Microsoft's own security team had created an extensive list of features ranked by risk. "Microsoft's security process is spectacular. If security is a process, not a product, Microsoft deserves a lot of credit. Vista was a giant leap in the right direction."