Topic: Conferences & Events
Last week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
Over the next couple of months, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
I recently attended the world’s largest consumer technology show: CES. It was my first time at the show and I was excited not only to see the latest gadgets, but also to attend some of the sessions. Of course, as a hacker I couldn’t help but apply the “how to break in” filter to everything I saw, especially with the growth of IoT as an attack vector in the last couple of years. I didn’t go it alone: my friend and colleague Daniel Miessler joined me. Daniel is the Director of Advisory Services at IOActive and project leader for the OWASP IoT project.
Today is the first day of another Consumer Electronics Show: CES. Launched 50 years ago, the show has long been the place to see the latest gadgets, but over the last several years its scope has grown. From cars to drones to personal fitness devices, the show once named for the consumer “electronics” it showcased now features all things consumer technology.
Today our CEO, Casey Ellis, and James Denaro, founder and attorney at Cipher Law, stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They walked through some of the most common concerns people have about bug bounties and discussed ways to address those concerns, as well as how to implement liability controls.
Now that we’ve rested our feet, drunk some water, and adjusted from the Las Vegas time warp, we thought we’d give a brief recap of our week. In the six days we spent boots down in Vegas, we caught some great talks by some of our favorite people; threw, sponsored and attended awesome events; and, as always, met amazing folks from the InfoSec community.
My favorite thing about going to conferences is identifying the underlying trends behind the questions I’m asked. We’re only halfway through RSAC/BSides week, and already the dominant question is clear:
When is the government going to start a bug bounty program?
Here’s my answer:
The government has no choice but to adopt a crowdsourced model for vulnerability discovery; it’s more a question of when the pain of staying the same will exceed the pain of change.