 |
Window Snyder, formerly of Microsoft, now heads up security at Mozilla, the company best known for its open-source Firefox Web browser. While Microsoft is often criticized over the security of its products, Mozilla is seen in a more favorable light. Yet Firefox and other Mozilla products have their share of security problems.
At Microsoft, Snyder helped formalize the process to secure Windows. She also created an event, dubbed Blue Hat, that brought hackers onto the Microsoft campus to expose flaws in the company's software in front of its creators.
In her new role, Snyder plans to share Mozilla's security secrets with the world, strengthen ties with the security researcher community and rid Mozilla products of old, potentially dangerous, code, she told CNET News.com in a recent interview.
Snyder is a self-described geek and the daughter of programmers. Before she was even a teenager, her mom taught her to program Basic on a Texas Instruments 99 computer. She went on to a career that included various security consulting jobs, such as at @Stake, which was purchased by Symantec.
Snyder sat down with CNET News.com at Mozilla's office in Mountain View, Calif., to talk about how to make software as watertight as possible in a world where nothing is secure.
Q: How did you come to be interested in security?
Snyder: I
studied mathematics and computer science, which led me to cryptography. From
there, I definitely developed an interest in how to build secure applications,
and, at the same time, how to circumvent secure systems. Once I was a software
engineer, I pretty much started working on security applications.
When did you first get involved professionally?
Snyder: I was
developing applications where security was critical very early on in my career.
I was also involved in security research groups in the '90s.
In the late '90s is when the security industry really changed: It was the beginning of Internet Security Systems and other companies. There was finally a place for these skills to be commercialized, so I went from development to consulting. In 2000, I was at @Stake. There wasn't a pure-play security consulting company before that.
What is the key rule that you live by in terms of security?
Snyder: That nothing is secure. That's an important thing to remember,
both on the side of developing software and also on side of the security tester.
Keep thinking about ways to protect the system, because there's always going to
be somebody trying to get in, somebody trying to take advantage of a weakness in
the system and hurt your customers.
You spent about three years at Microsoft. What did you do there?
Snyder: Initially, I worked on the Secure Windows Initiative, developing
methodology and working with the different product teams to help secure
Microsoft products. I created a role for somebody to manage the overall parts of
security for the operating system. Microsoft had somebody on the Windows team
who signed off on localization, somebody who focused on performance, and
somebody who focused on partner integration. There are all these roles, but there was nobody for security.
After Windows XP Service Pack 2 shipped, I was one of the first people on a new community team. I formalized some the things that I had been doing informally, which was reaching out to the security research community and bringing them into Microsoft. We were able to go out into the community and bring in information and make it available to the product teams. One way that manifested itself is Blue Hat, an event I created to bring the type of speakers you would see at Black Hat or CanSecWest to Microsoft.
Now you're here at Mozilla. Do you see a challenge here, or can you put
your feet up on your desk?
Snyder: There's an opportunity here. Mozilla
is in a really unique situation because of their community. We can take the
learning from development and the engineering environment
Play video
There are currently no comments for this post.