Description: Vulnerability Databases (VDBs) have provided information about security vulnerabilities for over 10 years. This has put VDBs in a unique position to understand and analyze vulnerability trends and changes in the security industry. This panel presentation will examine vulnerability information over the past several years with an emphasis on understanding security researchers, quality of research, vendors, disclosure trends and the value of security vulnerabilities. The emotional debate surrounding Full Disclosure has raged on for decades. This panel will use grounded data to discuss salient points of the debate to hopefully determine trends that may influence the debate. Maybe even in a positive fashion!
Jake Kouns is the co-founder, CEO, and CFO of the Open Security Foundation (OSF), a non-profit organization that oversees the operations of the Open Source Vulnerability Database (OSVDB.org) and Cloutage.org DataLossDB. All projects are independent and open source databases that provide detailed and unbiased technical information on security vulnerabilities, cloud security and data loss incidents world-wide. Mr. Kouns has presented at many well-known security conferences including RSA, CISO Executive Summit, EntNet IEEE GlobeCom, CanSecWest and SyScan. He is the co-author of the book Security in an IPv6 Environment, Francis and Taylor, 2009, and Information Technology Risk Management in Enterprise Environments, Wiley, 2010. He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. In addition, he holds a number of certifications including ISC2's CISSP, and ISACA's CISM, CISA and CGEIT.
Brian Martin has been maintaining or contributing to vulnerability databases since 1993. As the content manager for the Open Source Vulnerability Database (OSVDB), he is constantly exposed to new challenges in vulnerability management. A long-time advocate of vulnerability database evolution, he has helped push VDBs forward and challenged them to become more useful and more thorough. No degree or certifications; just 18 years working with vulnerabilities as part of the day job and hobbies. He remains a champion of small misunderstood creatures.
Steve Christey is a Principal Information Security Engineer in the Security and Information Operations Division at The MITRE Corporation. He is the editor of the Common Vulnerabilities and Exposures (CVE) list, Chair of the CVE Editorial Board, and technical lead for the Common Weakness Enumeration (CWE), CWSS, and the CWE/SANS Top 25 Most Dangerous Software Errors. He has been an active contributor to other efforts including NIST's Static Analysis Tool Exposition (SATE), the Common Vulnerability Scoring System (CVSS), and the SANS Secure Programming exams, and was a co-author of the influential "Responsible Vulnerability Disclosure Process" IETF draft with Chris Wysopal in 2002. His current interests include secure software development and testing, consumer-friendly software security metrics, the theoretical underpinnings of vulnerabilities, and vulnerability research. He holds a B.S. in Computer Science from Hobart College.
Carsten Eiram comes from a esrever engineering background and is a vulnerability connoisseur during the day with extensive experience in the fields of vulnerability research and Vulnerability Intelligence. At night, he's a binary ninja having successfully stalked, found, and killed many critical vulnerabilities in popular software from major software vendors. Carsten is currently the Chief Security Specialist at Secunia and holds the dual responsibility of developing and managing the Secunia Research unit as well as maintaining close dialogue with software vendors and the security community, thereby ensuring both the quality and integrity of Secunia's work. He is often referred to as the Security Beast, but has yet to manage getting that title on to his business c
Tags: securitytube, defcon, def con, hacking, hackers, information security, convention, computer security, DC 19, defcon-19, dc-19