Information & Ethics committee  When we look at the marketplace, we see it's continuously moving, right? What was put in place for security controls 10 years ago is different today, and that's part of the efforts of the community that's out there securing the IT environment. From our case, we analyze those com

Information & Ethics committee  We have breach notification requirements, obligations, and we notify our users if there's a suspected breach of their environment and recommend that they change their passwords. For the enterprise set, like that toolset that I mentioned—“Have I been pwned?”, I think it's called—

Information & Ethics committee  —that site has readily available dictionaries, so we feed those back to enterprise users as well. There's the notification of the individual users, and the we also help enterprises understand what's happening.

Information & Ethics committee  Just to chime in, we see that local hardware-based protections based on encryption are important to help support that password protection. Work that together with multifactor authentication, perhaps using something you have, something you own. I think an interesting counterpoin

Information & Ethics committee  We have a very robust data governance model at Microsoft whereby we recognize and are able to attribute and mark data and appropriately protect it. In areas where we need subcontractors, we use a very limited set. A lot of adjudication occurs before we select our subcontractors

Information & Ethics committee  Do you mean data between, let's say, an Xbox user and your Office 365 type of user? Is that the type of question?

Information & Ethics committee  What we see is that if you have a common Microsoft account, that allows you to maintain and manage your data across those properties. The Bing product team would not necessarily go directly from the Xbox team and back and forth for the data that's required. You are in control of

Information & Ethics committee  Again, across all the different platforms, I would have to look at each individual scenario that's done there to say largely that there's no data exchange across....

Information & Ethics committee  We recognize that the open-source community is a very vibrant community with a great development model. That open dialogue, that open discussion, has gone beyond simply the software conversation to broader projects. We saw that as an opportunity for us to help engage with that co

Information & Ethics committee  That's correct. There was a disclosure of credentials.

Information & Ethics committee  Having that access from the support side gave them the possibility to be able to do so.

Information & Ethics committee  That whole environment is an end-to-end trust-type model, so all you have to find is the weakest chain in the link. In this case, it was unfortunate that the administrative worker had a password that the hacker community was able to guess to get into that system.

Information & Ethics committee  Absolutely. Any time there's an incident within our environment, we bring the Microsoft security response team together with our engineering teams to see how we can do better. We took a look at the environment to see what happened and to make sure we could put in place tools such

Information & Ethics committee  We'd have to come back to the committee on the report and its findings. I'm not aware of that report. I had not searched it out myself.

Information & Ethics committee  Absolutely.