Joint presentation to discuss best practices for public disclosure of vulnerability exploitation
LONDON (UK): Lancope, Inc., a leader in network visibility and security intelligence, will present with Microsoft at Virus Bulletin 2013 in Berlin, Germany, on Wednesday, October 2. Lancope’s Director of Security Research, Tom Cross, will co-present a session with Holly Stewart, Sr. Program Manager Lead at Microsoft Malware Protection Center, covering best practices for public disclosure of the fact that a security vulnerability is being exploited in the wild. The session will define the difference between vulnerability disclosure and disclosure of exploitation, and illustrate scenarios in which exploitation information can help the public defend against active threats, as well as scenarios in which exploitation information can result in increased attack activity.
Cross and Stewart will discuss the ethics and timing of exploitation disclosure, presenting examples from various real-world case studies. “Disclosing the fact that exploitation is occurring is important for many reasons, including helping IT professionals and software vendors prioritise defensive efforts,” said Stewart. “However, exploitation disclosure can also attract the attention of attackers and accelerate attack activity.”
“New vulnerabilities may be uncovered by security professionals in the course of analyzing malware samples or investigating breaches,” said Cross. “These security professionals are faced with a challenging ethical dilemma. There is attack activity going on that needs to be stopped as soon as possible, but the responsible software vendor may not know about the vulnerability in question and may need time to prepare a patch. As these circumstances have become increasingly common, it is important to understand the associated ethical considerations.”
Should security professionals inform the public when they discover that a new vulnerability is being targeted in the wild? When and under which circumstances? During the presentation detailed below, Microsoft and Lancope will discuss various factors that can help determine the answers to those questions, including the scope of the attacks, how much information is available on the vulnerability and whether a fix has been developed.
WHO: Tom Cross, Director of Security Research, Lancope, Inc. and Holly Stewart, Sr. Program Manager Lead, Microsoft Malware Protection Center
WHAT: “Can alerting the public about exploitation do more harm than good?”
WHEN: Wednesday, October 2, 2:00 p.m. CEST
WHERE: Virus Bulletin 2013, Berlin, Germany
The Virus Bulletin conference is an annual event bringing together leading IT security experts from around the world to discuss the global threat landscape.