Explore a critical discussion on vulnerability disclosure methods and their effectiveness in a 2-hour conference talk from Black Hat USA 1999. Delve into the three primary ways administrators discover security vulnerabilities: vendor fixes and patches, security advisories, and full disclosure mailing lists. Analyze the responsiveness of vendors to security problems without public pressure and evaluate the impact of full disclosure on problem-solving. Examine successes and failures of each method, and consider necessary steps to address the issue of vulnerability management. Engage in a thought-provoking exploration of this contentious topic in cybersecurity, led by Jeremy Rauch, as it sparks interesting discussions on balancing transparency and security in the digital landscape.
Overview
Syllabus
Black Hat USA 1999 - Vendors/response to security problems w/ no pressure to go public?
Taught by
Black Hat