Data Driven Software Security

Explore a data-driven approach to software security in this conference talk from the Hack In The Box Security Conference. Delve into Microsoft's proactive monitoring and analysis of in-the-wild exploits to understand vulnerability types and exploitation techniques. Learn about new mitigation improvements in Windows 10 and the Windows 10 anniversary edition, addressing widely used exploitation techniques and specific vulnerability classes. Discover key security features and improvements introduced in Windows and other Microsoft products over time, making software vulnerability exploitation more challenging and costly. Gain insights into various mitigation technologies that have played a crucial role in enhancing online safety and defending against state-of-the-art software exploitation. The presentation covers topics such as Patch Tuesday, proactive security measures, Windows 10 mitigation techniques including Control Flow Guard, Code Integrity, Virtual Secure Mode, Forced Code Integrity, User Mode Fonts, Child process restriction, Edge Isolation, Guest VM Support, and the Microsoft Bounty program.