
For up to the minute updates on HITB2012KUL, please follow our @hitbsecconf Twitter stream or join our Facebook Group

KATIE MOUSSOURIS (Senior Security Strategist, Microsoft Security Response Center)

PRESENTATION TITLE: How to Get Along With Vendors Without Really Trying

PRESENTATION ABSTRACT:

As a security researcher, what you can and can’t get away with in terms of research (AKA hacking) and vulnerability disclosure is getting harder to keep track of. Laws seem to be getting stricter, especially around online services and critical infrastructure. Internet freedom fighters like the EFF have seemingly modified their stance with regard to the sale of exploits – or have they?

Lawmakers worldwide are struggling to make sense of this whole “cyber tubes” thing, and the security world has been struggling to get a voice heard in the debate. So how does a security researcher who just wants to find cool vulns and make a little legit cash get by without getting into more trouble than it’s worth?

Join Katie Moussouris, leader of Microsoft’s security community outreach and strategy team, as she takes you on a tour of the ever-evolving rules of engagement when it comes to reporting vulnerabilities to vendors. Attendees will leave with an understanding of what vendors will have to do if they wish to claim compliance with the soon-to-be-published ISO standard on vulnerability disclosure, as well as an up-to-the-moment snapshot of current major vendors’ stances on security testing of their online services. No legal guarantees or “get out of jail free” cards are offered with this talk, just a friendly guide that may smooth your next vendor disclosure encounter and save you and the affected vendors some headaches in the process.

ABOUT KATIE MOUSSOURIS

Katie Moussouris leads the Security Community Outreach and Strategy team at Microsoft. Her team’s work encompasses Security Ecosystem Strategy programs such as Microsoft’s BlueHat conference and worldwide hacker conference engagement, security researcher outreach, Vulnerability Disclosure Policies, and MSVR (Microsoft Vulnerability Research, Microsoft’s research and reporting of vulnerabilities in 3rd party software). Katie also serves as the vulnerability disclosure lead SME for the US National Body of the International Standards Organization (ISO), having performed all three roles in disclosure – finder, coordinator, and vendor for both open and closed source software.

Katie was one of the Artists Formerly Known as @stake, and she published one of the last security advisories they released in 2004, prior to being acquired by Symantec. Katie has performed dozens of software penetration tests, security code audits, design reviews, and secure software development lifecycle reviews for major software vendors and major companies in industries across the board, from finance to e-commerce, to healthcare. She has found critical vulnerabilities and offered remediation recommendations for major components of critical infrastructure in these industries, before they could be widely exploited.

At Symantec, Katie founded and ran the first team in Symantec’s 20-year history to ever publish security vulnerability advisories in 3rd-party products. See http://www.symantec.com/research. Katie has spoken on Vulnerability Disclosure and secure development lifecycles at several security conferences, including RSA2010, SOURCEBoston, Shmoocon, Toorcon Seattle, and she was a keynote speaker at Shakacon in June 2008. Katie spoke at Black Hat USA in August of 2008 on her program, Microsoft Vulnerability Research (MSVR), and most recently again at BlackHat USA 2010 on disclosure. Katie is also working on a book on Vulnerability Disclosure.


Copyright © 2012 Hack In The Box | http://www.hackinthebox.org