Other comments on the CSRB Microsoft Report
Other people have written about the CSRB report, and adding them made my previous post even longer. I wanted to share their perspectives:
- Rich Mogull says “It's time for a trusted cloud initiative.”
- Adrian Sanabria wrote “A Meta-Review of the Summer 2023 Microsoft Exchange Online Intrusion.”
- Eric Geller wrote “The US Government Has a Microsoft Problem” at Wired.
In conversation, Tarah Wheeler pointed out that what’s involved in creating “Big Yellow Taxi” is not clear, and it’s not clear if that module is available even to other government agencies. It would also be interesting to know how many rules on the scale of “Big Yellow Taxi” State has developed, and the false positive rates for each. Such information could directly inform conversations about the value of developing rules, and about acceptable false positive rates for rules that trigger “frequently.” (Is it worth doing 10 hour-long investigations to catch one intrusion like this? 100? 1000?)