Repairing The internet With Responsible Disclosures

Presented at DeepSec 2017 „Science First!“.

In 2016 a non-profit organization, GDI.foundation, operated by volunteers, started reporting vulnerabilities as responsible disclosures (coordinated vulnerability disclosures) and helping victims of ransom attacks worldwide under the name PROJECT366. As chairman & co-founder of that organization I would like to share the experiences and challenges they have faced so far. In the last 19 years I, Victor Gevers (@0xDUDE), have made over 5,250 security reports without getting in trouble with the law. In this talk, you'll be taken through the experiences of the last 19 years in how you could report "bad news" and shown our attempts to report as many vulnerabilities as humanly possible and how to deal with those on the other side, the organizations who receive these reports, and the challenges each side faces.

Presenters:

  • Victor Gevers (0xDUDE) - GDI.foundation
    Victor Gevers (also known as 0xDUDE) is a senior security specialist working as innovation manager for the Dutch Government, specialized in network, mobile, and web application security. He performs research on state-of-the-art attack and defense mechanisms, hacking techniques and OSINT. In his free time he is a vulnerability researcher and hunts down weak security implementations. On several occasions he has been pointed out to be a true responsible disclosure evangelist, practicing the art over 19 years, and has made over five thousand responsible disclosures world-wide.
