When Vulnerability Disclosure Turns Ugly

Presented at The Eleventh HOPE (2016), July 22, 2016, noon (60 minutes)

Sam was accused of illegal hacking in the <em>SC Magazine</em> article "Professor Hacks University Health Conway in Demonstration for Class." That article made a mess so big, it took a real lawyer, <a href="https://xi.hope.net/speakers.html#Alex Muentz">Alex Muentz</a>, to clear it up. Sam will explain how this happened and Alex will then explain how he handled this and offer informed advice on the laws around vulnerability disclosure, along with how to use the media effectively. In addition, Alex will describe a few other cases where attempts at responsible disclosure went wrong, what had to be done to fix it, and how the disclosure <em>should</em> have been done.

Presenters:

  • Sam Bowne
    Sam Bowne has been teaching security classes at City College in San Francisco since 2000. He has a PhD, a CISSP, and a lot of t-shirts.
  • Alex Muentz
    Alex Muentz is both an information security consultant and a lawyer with a fondness for seersucker in this heat. He's spoken at a bunch of conferences you've heard of (HOPE, Defcon, ShmooCon). He occasionally takes pro-bono cases and attempts to avoid career-limiting moves.
