VB2014 preview: keynote and closing panel

Posted by   Virus Bulletin on   Sep 16, 2014

Vulnerability disclosure one of the hottest issues in security.

In the proceedings of the 24th Virus Bulletin conference, the words 'vulnerabilty' and 'vulnerabilities' occur more than 200 times. I think there is no better way to demonstrate how important a topic this is.

Some approach vulnerabilities from a purely defensive point of view: how do we make sure our software detects exploits of vulnerabilities? Or even at a meta level: how do we test such software?

Others are worried about vulnerabilities in the software they develop, while yet another group of people spend their time trying to find such vulnerabilities. To bring these latter two groups together, bug bounties have become an increasingly common way to reward responsible disclosure.

Few know more about bug bounties than Katie Moussouris (@k8em0). While working for Microsoft, she was instrumental in introducing the company's bug bounty programme. In her current role, as Chief Policy Officer at HackerOne, she helps other companies deal with vulnerability response and set up bug bounty programmes, most recently Twitter.

In her keynote 'Choose your own keynote adventure - bounties and standards and vuln disclosure, oh my!', Katie will discuss various elements of vulnerability response. The keynote will be very interactive and she will answer questions both from the VB2014 audience and from Twitter.

Some vulnerabilities, however, are so serious and affect so many that the question of how to reward their discoverers becomes almost irrelevant. The most important thing here is to make sure that those affected have patched before those interested in exploiting the vulnerability learn about it.

How we can make sure this happens smoothly will be the topic of the closing panel 'Vulnerability sharing in the age of Heartbleed'. Chaired by Chester Wisniewski (Sophos), the discussion will be the next in a series of gripping closing panels that will show new attendees why people at VB always stay until the very end.

  The VB2013 closing panel.

VB2014 takes place next week in Seattle. It is proving to be the most popular VB conference ever, but you can still register.

Posted on 16 September 2014 by Martijn Grooten

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Test your technical and mental limits in the VB2017 foosball tournament

As has become tradition, VB2017 will once again see a security industry table football tournament. Register your team now for some great fun and adrenaline-filled matches in between sessions in Madrid!

The case against running Windows XP is more subtle than we think it is

Greater Manchester Police is one of many organizations still running Windows XP on some of its systems. This is bad practice, but the case against running XP is far more subtle than we often pretend it is.

Hot FinSpy research completes VB2017 programme

Researchers from ESET have found a new way in which the FinSpy/FinFisher 'government spyware' can infect users, details of which they will present at VB2017 in Madrid.

Transparency is essential when monitoring your users' activities

Activity monitoring by security products in general, and HTTPS traffic inspection in particular, are sensitive issues in the security community. There is a time and a place for them, VB's Martijn Grooten argues, but only when they are done right.

VB2017 preview: Android reverse engineering tools: not the usual suspects

We preview the VB2017 paper by Fortinet researcher Axelle Apvrille, in which she looks at some less obvious tools for reverse engineering Android malware.