Coordinated Vulnerability Disclosure for Microsoft (Custom Video)

The video below was made with the Trustworthy Computing Team at Microsoft. As we learned, there is a debate brewing in the world of software security.  It's a debate about how to report problems that are discovered in software - what the industry calls "vulnerabilities". I'll let the video speak for itself on covering the issues.

For this post though, I want to talk about the use and power of visual metaphors, which was a big challenge for this project. Here's a question for you: how do you visualize software? We've used boxes like you see in a computer store, DVDs, binary code, etc. These still aren't the best, but it's an ongoing challenge. Now, if software is hard to visualize, what about software vulnerabilities? That's a whole other can of worms.

This project, like many that we do, prompted us to come up with a symbol that is used throughout the video.  This is risky because if the symbol doesn't work for the client, it means taking two steps backward and completely rethinking the visuals.  For the idea of software vulnerability, we chose to use a chain metaphor.  Software is a system that works together and a vulnerability is essentially a crack in one of the chain links - it compromises the power of the whole system.  By making this point clear early in the video, we were able to establish a visual symbol of vulnerability that we could use for a lot of scenes.

Thankfully, Ken and the Trustworthy Computing Team liked the chain idea and the video.  See what you think: