VB2014 preview: keynote and closing panel

Posted by   Virus Bulletin on   Sep 16, 2014

Vulnerability disclosure one of the hottest issues in security.

In the proceedings of the 24th Virus Bulletin conference, the words 'vulnerabilty' and 'vulnerabilities' occur more than 200 times. I think there is no better way to demonstrate how important a topic this is.

Some approach vulnerabilities from a purely defensive point of view: how do we make sure our software detects exploits of vulnerabilities? Or even at a meta level: how do we test such software?

Others are worried about vulnerabilities in the software they develop, while yet another group of people spend their time trying to find such vulnerabilities. To bring these latter two groups together, bug bounties have become an increasingly common way to reward responsible disclosure.

Few know more about bug bounties than Katie Moussouris (@k8em0). While working for Microsoft, she was instrumental in introducing the company's bug bounty programme. In her current role, as Chief Policy Officer at HackerOne, she helps other companies deal with vulnerability response and set up bug bounty programmes, most recently Twitter.

In her keynote 'Choose your own keynote adventure - bounties and standards and vuln disclosure, oh my!', Katie will discuss various elements of vulnerability response. The keynote will be very interactive and she will answer questions both from the VB2014 audience and from Twitter.

Some vulnerabilities, however, are so serious and affect so many that the question of how to reward their discoverers becomes almost irrelevant. The most important thing here is to make sure that those affected have patched before those interested in exploiting the vulnerability learn about it.

How we can make sure this happens smoothly will be the topic of the closing panel 'Vulnerability sharing in the age of Heartbleed'. Chaired by Chester Wisniewski (Sophos), the discussion will be the next in a series of gripping closing panels that will show new attendees why people at VB always stay until the very end.

  The VB2013 closing panel.

VB2014 takes place next week in Seattle. It is proving to be the most popular VB conference ever, but you can still register.

Posted on 16 September 2014 by Martijn Grooten

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.