About Me:
Hi! I'm William Peteroy and I am a Security Strategist here at Microsoft where I manage our security community engagement strategy as a part of our overall risk management / incident response strategy. I work in the Microsoft Security Response Center, where we manage all of the externally reported security issues in Microsoft products. We also manage global incident and crisis response, and conduct cutting edge research on exploitation and mitigation techniques. We also work with external partners on cross-industry security initiatives.
Background:
I graduated from Johns Hopkins with a Master's in Engineering / Computer Science. I worked with Matt Green as a faculty sponsor for my master's thesis, and the main focuses of my studies were hardware security, applied cryptography, information security economics and digital forensics. Before Hopkins, I worked as a research intern at Dartmouth College with Drs. Sergey Bratus, Mike Locasto and David Kotz.
What's going on in this blog:
This blog will present opinions and analysis on a number of Microsoft Security and Privacy issues (as well as those of our customers).
Some of the things I've been working on:
BlackTHC Research & Development - this is my personal Information Security blog; it is not affiliated with Microsoft, and the views there do not represent the views of Microsoft.
MSRC Security Research and Defense Blog - I am / have recently been the main driver for addressing cryptographic issues in Windows / Microsoft platforms and writing about it to increase transparency and inform customers.
- Please stop using RC4
- Upcoming changes in SHA-1
- Cryptographic Improvements in Microsoft Windows
- Mitigating the LDRHotPatchRoutine DEP/ASLR Bypass
- MS13-027: Addressing USB issues that require physical access
Speaker at Information Security Conferences
BSides Vancouver 2014 - Issues in modern web crypto
BSides Vancouver 2013 - Who's coming after the cookies in your cookie jar?
(Applying the economics of computer network exploitation to make informed decisions about infosec)
BSides Seattle 2013 - Who's coming after the cookies in your cookie jar?
(Applying the economics of computer network exploitation to make informed decisions about infosec)
BSides PDX 2012 - Who's coming after the cookies in your cookie jar?
(Applying the economics of computer network exploitation to make informed decisions about infosec)
In the news:
I've been quoted in PCWorld, PCWorld AU/NZ, Ars Technica and Computer World.
I work with the Microsoft Bounty program (where I'm on the judging panel), and I worked as the original Manager for the incoming IE bounty cases.