Guy Arazi, a UK-based security expert at Microsoft, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Guy discusses his journey in security, which began in 2018 when he joined Microsoft, and his current role focusing on online services vulnerabilities within the MSRC (Microsoft Security Response Center). They delve into the concept of variant hunting, a critical process in identifying and mitigating repeated patterns of security vulnerabilities across multiple products and services. Guy explains that while static analysis tools are useful, they often require more complex, tailored approaches to detect these recurring issues. He emphasizes the importance of understanding the root cause of vulnerabilities and using both human insight and automated tools to address them across the vast codebase of Microsoft's offerings.
In This Episode You Will Learn:
The challenges of variant hunting and its significant impact on improving overall security
Growing complexity of variant hunting and the necessity of thorough documentation
What is important to consider when approaching a security vulnerability
Some Questions We Ask:
Are there industry tools or publicly available resources you recommend for variant hunting?
How can you identify the security boundary a vulnerability affects?
Is variant hunting something only humans can do, or can tools and automation help?
Resources:
View Guy Arazi on LinkedIn
View Wendy Zenone on LinkedIn
View Nic Fillingham on LinkedIn
Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
Afternoon Cyber Tea with Ann Johnson
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.
You Might Like
