2008: A smarter arms race: intelligence-driven security

Document created by tinacostilla on Sep 14, 2012Last modified by tliu on Jul 8, 2014
Version 2Show Document
  • View in full screen mode


A smarter arms race: intelligence-driven security

Speaker: Marc Eisenbarth, HP

Over 10,000 vulnerabilities make up today's threat landscape, yet exploitation of only one percent of them has caused the majority of damage. Viewed in hindsight, the bulk of critical events can be attributed to vulnerabilities not being properly prioritized by security vendors and practitioners. In this session, we look at the question of prioritization from the attacker's point of view to determine why a hacker chooses a specific vulnerability out of the thousands of candidates. We’ll also provide unique insight into the discovery and disclosure of high-severity bugs through the HP Zero Day Initiative program. We’ll share the process we believe was used to rediscover and ultimately weaponize these vulnerabilities.