Microsoft plans to give a hacker conference in Asia an inside look at new security features on Windows Vista later this year, the organizer of the event said Tuesday.
The company's commitment to show off Vista to the hacker and security community is part of a long-term trend aimed at gaining greater feedback from users prior to product debuts. More and more software and hardware vendors are trying to weed out vulnerabilities before products go to market, and they often turn to the underground and above ground security community for advice.
"Companies know that fixing vulnerabilities in already released products is always going to be much more expensive than finding and squashing them during the development stage," said Dhillon Andrew Kannabhiran, organizer of the 6th annual Hack In The Box deep knowledge security conference (HITBSecConf2006) set for Kuala Lumpur, Malaysia in September.
"At the end of the day it also doesn't help an organization's image when critical bugs are found which could have been trivially fixed from the start," he added.
The Hack In The Box conference will host two speakers from Microsoft.
The first, Dave Tamasi, a lead security program manager at Microsoft, will give a presentation on security engineering in Vista. The talk will include a discussion about features suggested by hackers and other security conscious members of the computing community, in addition to security improvements made on Vista.
The second speaker, Douglas MacIver, a penetration engineer at Microsoft, will review Vista's BitLocker Drive Encryption and the company's analysis of threats and attempts to penetrate the security feature.
BitLocker Drive Encryption is a data protection feature in Windows Vista aimed at securing data on lost or stolen computing devices. It's available in Windows Vista Enterprise and Ultimate for client computers and Windows Server "Longhorn." The software works by preventing an intruder or thief from running a software hacking tool to break Windows Vista files and system protections, or viewing files stored on the protected files when the computer is offline.