Explore the progress made in vulnerability disclosure debates through Allan Friedman's comprehensive conference talk at BSidesLV 2016. Delve into survey results, common ground, and key learnings in the field of cybersecurity. Examine communication strategies, expectations, and the role of technology providers in vulnerability disclosure. Analyze maturity levels, best practices, and motivations behind disclosure practices. Discuss critical industries, legal concerns, and scope management. Investigate coordinated disclosure models, multiparty scenarios, and incentives. Learn about principles, human goals, and strategies for broader adoption of effective vulnerability disclosure practices. Gain insights into the complexities and challenges faced in the cybersecurity landscape, and discover potential solutions for improving vulnerability management across various sectors.
Survey Says - Making Progress in the Vulnerability Disclosure Debate
Overview
Syllabus
Intro
The Big Learning
Why
Survey
Survey Monkey Routes
Survey Monkey Responses
Survey Results
Survey Results Communication
Survey Results Expectations
Survey Results Technology Providers
Survey Results Maturity
Why are they doing this
Which best practices are they looking
brainstorm ideas for driving adoption
we didnt want to reopen old wounds
fear of legal reprisal
safety
initial scope
implicit scope
covenant
expectation management
white hat motivations
critical industries
more feedback
how to change management
Coordination Center
Multiparty Disclosure
Special Interest Group
Why coordinated disclosure
General agreement on the model
Complexity
Conflict
Simple Example
Missed Expectations
Multiparty
Incentives
Principles
Human Goals
Feedback
Awareness Adoption Group
How do we get broader adoption
Taught by
BSidesLV
