Disclosure Panel

Presented at DEF CON 15 (2007), Aug. 3, 2007, 1 p.m. (50 minutes)

Concerns about ethics for security professionals have been on the rise of late. It's time for researchers and vendors to meet up and discuss the issues of ethical behavior in our industry and start setting some guidelines for future research and discussion. Join active analysts, vendors and researchers for a lively discussion.


Presenters:

  • Dave Goldsmith
    Dave Goldsmith was co-author of the first published i386 stack overflow, and is a respected consultant, trainer, and researcher with over eleven years of experience. David co-founded @stake, managed its critical NYC office, and led Symantec Security Academy. David co-invented firewalking, which reverse-engineers firewall rules from remote firewalls, and authored security tools for ISS and Network Associates.

    Window Snyder is the Director of Ecosystem Development at Mozilla Corporation. Prior to joining Mozilla, Ms. Snyder was a principal, founder, and core team member at Matasano, a security services and product company based in New York City, and a senior security strategist at Microsoft in the Security Engineering and Communications organization. At Microsoft she managed the relationships between security consulting companies and the Microsoft product teams and the outreach strategy for security vendors and security researchers. Previously she was responsible for security sign-off for Windows XP SP2 and Windows Server 2003. Ms. Snyder was Director of Security Architecture at @stake. She developed application security analysis methodologies and led the Application Security Center of Excellence. She was a software engineer for 5 years focused primarily on security applications, most recently at Axent Technologies, now Symantec. Ms. Snyder is co-author of "Threat Modeling", a manual for security architecture analysis in software.
  • David Maynor - CTO, Errata Security
    David Maynor is a founder of Errata Security and serves as the Chief Technical Officer. Mr. Maynor is responsible for day-to-day technical decisions of Errata Security and also employs a strong background in reverse engineering and exploit development to produce Hacker Eye View reports. Mr. Maynor has previously been the Senior Researcher for Secureworks and a research engineer with the ISS Xforce R&D team, where his primary responsibilities included reverse engineering high-risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS, Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable.
  • Ian Robertson - CSO, RIM
  • Window Snyder, Vendor - Director of Ecosystem Development, Mozilla Corporation
  • Paul Proctor, Moderator - VP, Gartner
  • David Mortman, Moderator - CSO-in-Residence, Echelon One
    As CSO-in-Residence, David Mortman is responsible for Echelon One's research and analysis program. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and is leading up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and an invited speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist and speaker at RSA 2007, InfoSecurity 2003, Blackhat 2004, 2005 and 2006, Defcon 2005 and 2006 and will be speaking at Defcon 2007 as well. Mr. Mortman sits on a variety of advisory boards including Qualys and Flexilis amongst others. He holds a BS in Chemistry from the University of Chicago.

    Paul Proctor, Vice President, Security and Risk Practice, Gartner Research. Mr. Proctor has been involved in information security since 1985. He was founder and CTO of two security technology companies and developed both first- and second-generation, host-based intrusion-detection technologies. Mr. Proctor is a recognized expert in the field of information security and associated regulatory compliance issues surrounding the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, and the Gramm-Leach-Bliley Act (GLBA). He has authored two Prentice Hall books and many white papers and articles. Mr. Proctor is an accomplished public speaker and was recognized for his expertise by being appointed to the original Telecommunications Infrastructure Protection working group used by Congress to understand critical infrastructure protection issues prior to the terrorist attack of Sept. 11. Previously, he worked for SAIC, Centrax, CyberSafe, Network Flight Recorder and Practical Security.
