Tweet
Under the best of circumstances, coordinating disclosure of vulnerabilities can be a challenge. At times it can feel like everyone involved in CVD has conflicting motivations. The truth is that all of us are aspiring to do the right thing for end-users based on our perspective. The panel will share experiences and show how researchers and technology companies can work together to improve the impact of disclosing vulnerabilities on the technology ecosystem. Join CRob (Red Hat), Lisa Bradley (Dell), Katie Noble (Intel), Omar Santos (Cisco), Anders Fogh (Intel) and Daniel Gruss (TU Graz) for an exciting and engaging dialog between security researchers and industry experts on the Joy of coordinating vulnerability disclosure.
Presentation Outline
This will be an interactive session between the panelists. The following questions are seeds for what will be a dynamic and lively discussion:
What does CVD mean to you and what is your motivation to disclose?
What benefits have the panelists seen in coordinating vulnerability disclosure?
What problems have you had with CVD?
How does CVD work in open source projects?
How do you prepare for coordinated vulnerability disclosure and what challenges do you face?
How could researchers and industries work better together?
Takeaways
Learn about the exciting world of Coordinated Vulnerability Disclosure.
Hear from experts from both the research community as well as the vendors they report issues to.
Learn from the coordination mistakes from the past to not repeat them in the future.
Learn about the current struggles with CVD and what needs to be done to improve CVD.
Problem to solve
The hope is that this constructive interaction will remove some of the impediments of relationships between product developers and security researchers. The goal is to open a door for dialogue that will bring more stability in the experiences we all have in coordinating vulnerability disclosure. All technology users are impacted by security vulnerabilities, how those issues are communicated and dealt with are critical to impacted individuals and organizations to effectively manage the information security risk. The panel hopes to show "both sides" of the issue and highlight our different perspectives, and ideally showcase we're all working to help secure end-users around the globe.
Speaker(s): Daniel Gruss, CRob, Lisa Bradley, Katie Noble, Omar Santos, Anders Fogh
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-07 10:30 (10:30 AM) PDT (UTC -07:00)
Event ends: 2020-08-07 11:30 (11:30 AM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:24 (UTC).
Presentation Outline
This will be an interactive session between the panelists. The following questions are seeds for what will be a dynamic and lively discussion:
What does CVD mean to you and what is your motivation to disclose?
What benefits have the panelists seen in coordinating vulnerability disclosure?
What problems have you had with CVD?
How does CVD work in open source projects?
How do you prepare for coordinated vulnerability disclosure and what challenges do you face?
How could researchers and industries work better together?
Takeaways
Learn about the exciting world of Coordinated Vulnerability Disclosure.
Hear from experts from both the research community as well as the vendors they report issues to.
Learn from the coordination mistakes from the past to not repeat them in the future.
Learn about the current struggles with CVD and what needs to be done to improve CVD.
Problem to solve
The hope is that this constructive interaction will remove some of the impediments of relationships between product developers and security researchers. The goal is to open a door for dialogue that will bring more stability in the experiences we all have in coordinating vulnerability disclosure. All technology users are impacted by security vulnerabilities, how those issues are communicated and dealt with are critical to impacted individuals and organizations to effectively manage the information security risk. The panel hopes to show "both sides" of the issue and highlight our different perspectives, and ideally showcase we're all working to help secure end-users around the globe.
Speaker(s): Daniel Gruss, CRob, Lisa Bradley, Katie Noble, Omar Santos, Anders Fogh
Location: Red Team Vlg
Discord: https://discord.com/channels/7082082...77357820411944
Event starts: 2020-08-07 10:30 (10:30 AM) PDT (UTC -07:00)
Event ends: 2020-08-07 11:30 (11:30 AM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-29T01:24 (UTC).