The Microsoft Security Response Center has been responding to security vulnerabilities and incidents for more than 10 years, and we’ve learned a few things along the way. In this presentation, we’ll pull back the curtain and walk you through the formal processes and informal guidelines that we use to handle hundreds of vulnerability reports every year, and we’ll help you apply these lessons to your own organization. When you leave this presentation, you’ll have a better understanding of Microsoft’s decision-making process and you’ll be able to greatly improve your organization’s own response processes. You’ll also learn how your organization can add capabilities as you grow. This content is focused on responding to software vulnerabilities in software developed by your organization. If you write code, the day will eventually come when you need to respond to a security issue. Learn from our experience and get your response right the first time!