Microsoft has hired security expert Mark Curphey, the former Chief Technology Officer of SourceClear, who is bringing with him to Microsoft the "Oxygen" security platform and security-lifecycle applications he had been developing.
Curphey is joining the company as a member of the Application, Consulting and Engineering (ACE) team. Microsoft noted Curphey's hiring on the ACE Team Blog on October 8.
Curphey founded OWASP, the Open Web Application Project. He left FoundStone, a security consultancy purchased by McAfee in 2004, to form SourceClear. After realizing getting venture funding in the UK would be tough, Curphey said he decided to join forces with Microsoft to build the platform.
Exactly what is Oxygen? Curphey described it as "ERP for Information Security, the security management equivalent of what Visual Studio Team System is to software development or in more general terms an information security specific Governance Risk and Compliance platform."
My interpretation: It sounds like Oxygen might take the form of security guidance and management for line-of-business apps.
I asked Microsoft for more information on how Oxygen will fit into its security line-up and when a platform like Oxygen is likely to take its first public breath. No word back so far.
Ed Bellis, Chief Information Security Officer with Orbitz Worldwide blogged about the Curphey news and said it was a big win for Microsoft:
"A few years ago I never would have imagined writing this, but it has become very apparent that Microsoft is a serious security company. Sure they have many issues to deal with, but doesn’t any company of this size?"
What's your take: Is Microsoft a credible security player these days?