VB2014 preview: keynote and closing panel

Posted by   Virus Bulletin on   Sep 16, 2014

Vulnerability disclosure one of the hottest issues in security.

In the proceedings of the 24th Virus Bulletin conference, the words 'vulnerabilty' and 'vulnerabilities' occur more than 200 times. I think there is no better way to demonstrate how important a topic this is.

Some approach vulnerabilities from a purely defensive point of view: how do we make sure our software detects exploits of vulnerabilities? Or even at a meta level: how do we test such software?

Others are worried about vulnerabilities in the software they develop, while yet another group of people spend their time trying to find such vulnerabilities. To bring these latter two groups together, bug bounties have become an increasingly common way to reward responsible disclosure.

Few know more about bug bounties than Katie Moussouris (@k8em0). While working for Microsoft, she was instrumental in introducing the company's bug bounty programme. In her current role, as Chief Policy Officer at HackerOne, she helps other companies deal with vulnerability response and set up bug bounty programmes, most recently Twitter.

In her keynote 'Choose your own keynote adventure - bounties and standards and vuln disclosure, oh my!', Katie will discuss various elements of vulnerability response. The keynote will be very interactive and she will answer questions both from the VB2014 audience and from Twitter.

Some vulnerabilities, however, are so serious and affect so many that the question of how to reward their discoverers becomes almost irrelevant. The most important thing here is to make sure that those affected have patched before those interested in exploiting the vulnerability learn about it.

How we can make sure this happens smoothly will be the topic of the closing panel 'Vulnerability sharing in the age of Heartbleed'. Chaired by Chester Wisniewski (Sophos), the discussion will be the next in a series of gripping closing panels that will show new attendees why people at VB always stay until the very end.

  The VB2013 closing panel.

VB2014 takes place next week in Seattle. It is proving to be the most popular VB conference ever, but you can still register.

Posted on 16 September 2014 by Martijn Grooten

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.

Paper: EternalBlue: a prominent threat actor of 2017–2018

We publish a paper by researchers from Quick Heal Security Labs in India, who study the EternalBlue and DoublePulsar exploits in full detail.

'North Korea' a hot subject among VB2018 talks

Several VB2018 papers deal explicitly or implicitly with threats that have been attributed to North Korean actors.

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.

MnuBot banking trojan communicates via SQL server

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.