Stephen Toulouse is on his way out of the Microsoft Security Response Center for the less-stressful pixelated pastures of the company’s entertainment unit, and that’s bad news for customers. Toulouse has been the public face of the MSRC for several years when it came time to discuss the company’s response policies, processes and procedures. In my dealings with him over the last five years, Toulouse has been candid and forthcoming and was never afraid to say so if he thought that Microsoft could have handled a situation better or been quicker to react to a vulnerability or incident. That kind of candor is rare, not just from Microsoft, but from most vendors. The MSRC is full of really smart folks who in off-the-record conversations are up front about the challenges they face every day. But Microsoft keeps a tight lid on nearly all of them, and understandably so.
I’ve heard a number of researchers and others in the security industry say that being the point man for the MSRC has to be one of the more thankless jobs around. Hopefully the folks in Redmond will find someone with the same willingness to face the music and say what needs to be said as Toulouse had.