Don’t hate the Disclosure, Hate the Vulnerability: How the government is bringing researchers and vendors together to talk vulnerability disclosure.

Presented at BSidesLV 2015, Aug. 4, 2015, 3 p.m. (55 minutes)

Good information security policy requires addressing a myriad of complicated, inter-related issues, while still adhering to the Hippocratic principle of "First, Do No Harm." Rather than new regulation, one approach is to bring those that understand the issues and have a stake in the game together to find common ground. This talk will present the US Department of Commerce's new initiative on vulnerability research disclosure, and explain the multistakeholder process that builds on community experience to build trust between security researchers and software and system vendors. The goals are to identify and promote common principles and best practices that all parties agree will promote  We'll translate DC buzzwords, and ask for your feedback on how we can make this process better.

Presenters:

  • Allan Friedman - Director of Cybersecurity - US Department of Commerce
    Dr. Allan Friedman is the Director of Cybersecurity Initiatives at the National Telecommunications and Information Administration in the US Department of Commerce, where he runs multistakeholder processes on issues including IoT and vulnerability disclosure. Prior to joining the Federal government, Friedman was a noted infosec and technology policy researcher at a range of institutions, including Harvard University, the Brookings Institution, and George Washington University. Wearing the hats of both a technologist and a policy scholar, his work spans computer science, public policy, and the social sciences, and has addressed a wide range of policy issues, from cryptography to telecommunications. Friedman has over 15 years of experience in security research, with a particular focus on economic, market, and trade issues. He is the coauthor of Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press, 2014). Friedman has a Computer Science degree from Swarthmore College and a PhD in Public Policy from Harvard University, and has made his peace with the word "cybersecurity."
