Coordinated Disclosure of ICS Products: Who's got time for that?

Presented at BSidesLV 2019, Aug. 6, 2019, 2 p.m. (25 minutes)

This discussion would be a reflection of past public, good and bad, disclosures based on past experiences and data collected by CISA. It would also attempt to highlight vendor disclosure policies, software development lifecycles and describe common asset owner patching cycles from the industrial control system perspective in comparison to researcher disclosure policies.

Presenters:

• Jay Angus
  Jay Angus is a career civil servant and currently the federal lead for Industrial Control System vulnerability management and coordination. He has worked for the federal government for 15 years and spent the past ten years involved in cybersecurity. Specifically the past five years he has worked with the Department of Homeland Security supporting industrial control system operations and vulnerability management.

Similar Presentations:

• THOTCON 0xB (2021) Rescheduled / The Year of the Vulnerability Disclosure Policy
• Still Hacking Anyway (SHA2017) / Developments in Coordinated Vulnerability Disclosure: The government is here to help
• DEF CON 10 (2002) / Disclosure: The Mother of All Vulnerabilities