The Politics of Vulnerabilities

Presented at DEF CON 10 (2002), Aug. 3, 2002, 11 a.m. (50 minutes)

The vulnerability reporting process is rife with competing interests. Research is conducted by software vendors themselves, paid consultants, government agencies, professional and academic researchers, as well as people who make their living in other ways. Each of these groups has particular interests in the process. The vendor of the targeted software has its own concerns. The public at large has an interest in the process (and its results), but it is unclear what the public should be concerned with. This talk explores vulnerability reporting from all angles, including that of the public good. Attendees will learn a rudimentary cognitive framework for understanding the powers in play in vulnerability reporting and apply that to understand the present and the future of security.


Presenters:

  • Scott S. Blake, CISSP - Vice President, Information Security, BindView Corporation (razor.bindview.com)
    As BindView's Vice President of Information Security and an internationally recognized security expert, Mr. Blake is responsible for providing security expertise to BindView's corporate strategy and operations. Before taking this role, he was the leader of BindView's RAZOR security research team. Prior to joining BindView, Mr. Blake designed perimeter security and network security architectures and developed security policies for several large companies, including leaders in financial services and telecommunications, as well as several large hospitals and universities. He has spoken at many security conferences, authored numerous articles on security topics, and is frequently sought by the press for commentary. He holds a BA in Social Sciences (International Relations) from Simon's Rock College, an MA in Sociology (Political Theory) from Brandeis University, and is a Certified Information Systems Security Professional.
