Fear, Loathing and ThreadFix: 2012 BlackHat and BSidesLV Recap
Hopefully everyone is recovering from their week in Las Vegas for BlackHat, BSidesLV and DefCon. I had a great time out there, although this year I might have been Patient 0 for the ConFlu so I had to take it easy from Wednesday on. Probably for the best.
I had a blast presenting with Josh Sokol at BSidesLV 2012 on his new concept of “Symbiotic Security,” which looks at ways security tools should be able to communicate with one another. You can see our slides online here:
We had some really good questions about the wisdom of automating virtual patching and other security system interactions. The point we were trying to make was less about promoting specific interactions between tools and systems and more about having the open communication capabilities that make those sorts of interactions possible. (Josh and I will also be giving an updated version of the talk at HouSecCon on October 11th, 2012.)
The BSidesLV guys are lightning-fast at getting videos online, so you can also see Josh's and my actual presentation on YouTube here:
We were also fortunate enough to be able to showcase ThreadFix at the BlackHat Arsenal. This was really valuable as it gave us the opportunity to talk to a lot of folks who had been beta testing ThreadFix to get their feedback. We also got to meet a lot of new folks to talk about how ThreadFix might be valuable in their environments. Many thanks to the BlackHat and Netpeas folks for the opportunity to participate.
Contact us if you want to know more about running your software assurance program on ThreadFix.
dan _at_ denimgroup.com