TrendMicro presents "Bug Bounties and Exploit Intelligence"
WHEN: Wednesday, October 27th from 2:00 to 3:00 EST
Nearly every organization claims to do vulnerability research and threat intelligence, but what does that really mean? As the world's largest vendor agnostic bug bounty program, the Zero Day Initiative (ZDI) is uniquely positioned to understand the latest exploits and techniques. Various marketplaces exist for such security research, and the current gray and black markets can be as robust as their white market counterparts. At each stage of this process, information about a vulnerability equates to a monetary value, and, depending on how this information is disseminated, that monetary value can drastically change. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either becomes public – or finds its way into an active exploit.
This talk will also show how bug reports submitted to the program allowed the ZDI to effectively crowd-source vulnerability intelligence by showing industry trends and state-of-the-art exploitation methodologies. It will include case studies on how these reports have influenced the broader ecosystem. Understanding the source of threat intelligence and the exploit economy are vital for getting proactive with your network defenses rather than merely reacting to threats.
SPEAKER: Dustin Childs
Dustin C. Childs is a part of Trend Micro's Zero Day Initiative (ZDI), which is the world's largest vendor agnostic bug bounty program. Dustin began his IT security journey in the late 1990's at the Air Force Information Warfare Center. He then transitioned from active duty to defense contractor. Following this role, Mr. Childs worked in the Microsoft Trustworthy Computing group, where he served as a case manager in the Microsoft Security Response Center (MSRC) with a focus on addressing vulnerabilities in the Windows operating system and in Microsoft's developer tools. In his current role, Mr. Childs creates, implements, and oversees communications programs, both internal and external, that promote the work of ZDI and its researchers.