Posted by Martijn Grooten on Mar 8, 2017
Last night, this Tweet caught my attention:
The majority of “security research” presented at conferences is really vulnerability research. Far too few new ideas about securing systems.— firstname.lastname@example.org (@nxsolle) March 7, 2017
Now I, like most security professionals, love a good presentation on a new vulnerability. They tend to be funny, intriguing and more often than not you learn a thing or two from them as well. I also think that those working in the defensive side of security should see these talks: you can't do security these days without knowing what's going on "on the other side".
But I agree with the Tweet's main sentiment: there aren't enough talks about defence. Not only does that mean there are fewer opportunities for those tasked with defending systems to learn from their colleagues, it also leads to a somewhat distorted view that everything is horribly broken and we have no idea as to how to secure things properly.
That is not the case. We are just in the paradoxical situation that companies that are good at the job of not making the news because of security issues... don't make the news.
So, is it your job to defend your company's network? Are you defending a government's systems? Do you help secure the devices used by activists operating in less open societies? Do you work with abuse victims targeted by spyware?
Then we want to hear from you! Submit a paper for VB2017 (Madrid, 4-6 October) and this autumn you could be sharing your work with an international audience of some of the world's leading security experts.