Security Industry Call-to-Action: We Need a Cloud Vulnerability Database

Presented at Black Hat Europe 2021, Nov. 11, 2021, 11:20 a.m. (40 minutes)

The shared responsibility model is broken. Companies are unable to keep up with cloud complexity, while vendors and cloud providers do not provide clear identification, tracking or severity for vulnerabilities discovered in their platforms. Moreover, there is an inherent lack of transparency, as cloud providers do not share full details of exposure, impact, or mitigation steps for vulnerabilities discovered in their platform.

Join the Wiz Research Team, who uncovered several unprecedented cloud vulnerabilities in AWS, GCP and Azure, as they share their journey and conclusions from the disclosure process. We will review key learnings and insights from the OMIGOD, ChaosDB and AWS IAM cross-account vulnerabilities we uncovered.

In this session we will make the case for extending the current CVE model to be more cloud-friendly, as the current model is broken, and call on everyone to join the movement for change.

Presenters:

  • Alon Schindel - Director of Data and Threat Research, Wiz
    Alon Schindel is the Director of Data and Threat Research at Wiz, the fastest growing unicorn in cloud security. He’s an experienced cybersecurity professional who has filled various lead roles in both development and research of cybersecurity products and specializes in threats and how to detect them. In his last position, Alon served as a Program Manager on the Microsoft M365 Defender team. He is also enthusiastic about data research and AI and holds an MSc in Computational Neuroscience from the Hebrew University.
  • Shir Tamari - Head of Research, Wiz
    Shir Tamari is an experienced security and technology researcher specializing in vulnerability research and practical hacking. Shir is currently Head of Research of the cloud security company Wiz. In the past, he served as a consultant to a variety of security companies in the fields of research, development and product. Shir is also a member of the 5BC CTF team.
