Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
By Parisa Tabriz, Project Zero Manager & Director of Engineering at Google
This talk offers guiding advice that we as security practitioners and leaders must embrace in order to succeed. Drawing on her experiences leading some of the biggest ongoing security efforts that aim to make technology safer for all users, Parisa will first share how throwing out the rule book on vulnerability disclosure has been moving giants of the software industry toward measurably faster patching and end-user security. Next, she will share how a grassroots side project grew to shift the majority of the web ecosystem to secure transport, nearly 25 years after the technology was first made available. Finally, she will review the major effort to implement an intern’s publication in one of today’s largest open source projects, and how they persevered for 5+ years of refactoring, avoiding efforts to defund the work along the way. (Coincidentally, this project helped the world’s most popular browser mitigate a new class of hardware vulnerabilities earlier this year!)
Full Abstract: https://www.blackhat.com/us-18/briefings/schedule/index.html#optimistic-dissatisfaction-with-the-status-quo-steps-we-must-take-to-improve-security-in-complex-landscapes-11956