A Politics of Vulnerability Reporting
Black Hat Briefings, Europe 2001
Scott Blake, Director of Security Strategy
BindView Corporation/RAZOR Research
September 5, 2015

Agenda
Introduction
–What is Politics?
The Past and Present
–Ideologies, Actors, and Initiatives
The Future
–Trends and Probabilities
What is Politics?
The study of power
–Power is the ability to make one do what one would not otherwise do.
Important Terms
–Actor: One who uses or is subject to power
–Ideology: A set of beliefs or ideas
–Legitimacy: In accordance with established standards or patterns
–Authority: Legitimate power
Ideologies
–Full Disclosure
–Zero Disclosure
–Responsible Disclosure
Full Disclosure
Tenets
–Information wants to be free
–Use the power of public opinion to make vendors improve code
–Exploit code is more useful than destructive
Adherents
–Most non-profit researchers
–Very few commercial researchers
Zero Disclosure
Tenets
–Responsibility for fixing vulnerabilities lies with the software vendor
–Authors of software should control information relating to that software
–There is no public good in broad availability of vulnerability information
Adherents
–Many software vendors
–Many government actors
–Much of the public
Responsible Disclosure
Tenets
–Exploit code causes more problems than it solves
–Broad dissemination of vulnerability information is required to improve security awareness
–Use the power of public opinion to make vendors improve code
Adherents
–Most commercial researchers
–Some notable software vendors
The Actors
–Vendors
–Researchers
–Governments
–Media
–The Public
Vendors
Motivators
–Shareholder value
Financing
–Software sales
Interests
–Limit damage to brand value
–Limit vulnerability of customers
–Sell more software
Power Relations
–Often try to prevent public disclosure of vulnerability information through legal action, market leverage, and lobbying
Researchers
Motivators
–Advance the state of the art
–Build more security
–Build name recognition/peer respect
Financing
–Day job
–Customers (grant, contract)
–Software sales
Researchers (2)
Interests
–Continue financing source
–Maintain/extend reputation
Power Relations
–Hobbyists are largely free from external influence, providing the day job does not interfere
–Academic and consultative researchers are largely beholden to their funding source, but different funders set different restrictions
–Commercially-sponsored researchers are beholden to the parent company’s interests
Governments
Motivators
–Technocratic perception of public good
Financing
–Taxes
–Campaign contributions
Interests
–Economic growth
–Public safety
Power Relations
–Prosecution of criminal or negligent behavior
–Large purchaser of information technology
The Media
Motivators
–“All the news that’s fit to print”
Financing
–Advertisements
–Subscribers
Interests
–More readers
Power Relations
–Very powerful creators of brand and image
–Influencers of public perception
The Public
Motivators
–Too chaotic to be relevant
Financing
–Too chaotic to be relevant
Interests
–Stable, secure software
Power Relations
–Wields tremendous power, but very difficult to direct in any specific direction
Initiatives
–Council of Europe Cybercrime Treaty
–US anti-terrorism legislation
–Disclosure forums
–Coalition for Internet Safety
Council of Europe’s Cybercrime Treaty
Intended Outcomes
–Harmonize and update European computer crime laws
Unintended Outcomes
–Potential mis-implementation of the tools provisions may have a chilling effect on research
–Language pertaining to intent may lead to certification requirements for security practitioners
USA’s PATRIOT Act
Intended Outcomes
–Adds cybercrime to the list of terrorist acts
–Strengthens provisions against aiding and abetting terrorists
Unintended Outcomes
–Since hackers are now terrorists, is publishing vulnerability information aiding and abetting?
Disclosure Forums
Intended Outcomes
–Get information to those who need it
Unintended Outcomes
–Puts information in the hands of the “bad guys”
Coalition for Internet Safety
Intended Outcomes
–Limit availability of information to “bad guys”
Unintended Outcomes
–Limit availability of information to everyone
Trends
–Increasing legislation
–Improving communication channels
–More and more research being done
–More vicious attacks
–Continuing penetration of Internet access
Probabilities
–Will the public demand security?
–Who will pay for security?
–A war on hackers/cyberterrorists?
–Lessons from recent events
–Security for the people?