Follow us
Description: In a software company, the roles of a software developer and a vulnerability researcher might seem to have little symbiosis. At Adobe, we have found that building working relationships between the two is to the benefit of the players, of software security, and helps us serve our customers and partners better. In this talk, we’ll discuss incident response (IR) at Adobe and our involvement in vulnerability sharing with partners through the Microsoft Active Protections Program (MAPP). We’ll show how a mature IR process developed into a workflow for collaboration between developers and vulnerability researchers on addressing vulnerabilities covered in MAPP. We’ll present some insights on security bug fixing in a complex product area (3D graphics). We’ll demonstrate how the collaborative relationships catalyzed Adobe’s response to two zero-days in December 2011, CVE-2011-2462 and CVE-2011-4369, resulting in accelerated patch development. We’ll review what the collaborators learned from responding to these zero-days and conclude by offering best practices for other security-development team collaborations.
Dr David Rees is a Group Lead in the Adobe Acrobat team, specializing in 3D and GIS topics while managing relationships with industry partners. Prior to that, David was CTO at Altor Systems, developing and licensing high performance 3D engine and gaming technology, and a Lead at Electronic Arts advanced technology labs. He holds a PhD in Computer Science from University College London, and a BSc in Computer Science from Exeter University. He has spoken and published in the subject areas of Archaeology, Astronomy, Computer Graphics, Geomatics, HCI, and Image Processing.
Karthik Raman, CISSP, is a security researcher on the Adobe Secure Software Engineering Team (ASSET), where he focuses on vulnerability analysis and technical collaboration with industry partners. Before joining Adobe, Karthik was a research scientist at McAfee Labs, where he worked on threat analysis, building automation systems, malware analysis, and developing advanced antimalware technology. Karthik holds a Master of Science degree in Computer Science from UC Irvine and Bachelor of Science degrees in Computer Science and Computer Security from Norwich University. Karthik has spoken at Infosec Southwest, SOURCE Boston, LayerOne, and delivered a Black Hat Web cast.
Tags: securitytube , hacking , hackers , information security , convention , computer security , SOURCE-Seattle-2012 ,
Latest from the SecurityTube Blog:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Original Source: http://www.youtube.com/watch?v=-yCHjvZ-WQs
Comments (None):
Login to post a comment
-
Hack Of The Day: Customizing Shellcode For Fun And Profit
-
Hack Of The Day: How Do I Run Untrusted Shellcode?
-
Securitytube Linux Assembly Expert Exam Format
-
[Slae] Writing An Custom Insertion Encoder
-
[Slae] Execve Shellcode Stack Method
-
[Slae] Shellcoding Basics
-
[Slae] Using Libc And Nasm
-
[Slae] Hello World In Assembly Language
-
[Slae] What Is Assembly Language?
-
Securitytube Linux Assembly Expert (Slae) Course Introduction
-
Dumping Class Information In Ios Applications Using Class-Dump-Z
-
Setting Up Sogeti's Data Protection Tools On Ios
-
Creating A Remote Root Shell Using Bash And Launchd On Ios 6.0.1
-
Monitoring Strcpy With Bphook In The Immunity Debugger
-
Securitytube Gnu Debugger Expert: Part 14: Gdb On 64 Bit Systems
-
Securitytube Gnu Debugger Expert: Part 13: Iphone Application Reversing And Cracking With Gdb
-
Securitytube Gnu Debugger Expert: Part 12: Cracking A Simple Program On Arm Architectures
-
Securitytube Gnu Debugger Expert: Part 11: Setting Up Debian Armel In Qemu
-
Securitytube Gnu Debugger Expert: Part 10: Conditional Breakpoints Using Variables And Registers
-
Securitytube Gnu Debugger Expert - Part 9: Disassembling And Cracking A Simple Binary