Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

BlackHat USA 2018 | 次日议题精彩解读

0
0

BlackHat USA 2018 | 次日议题精彩解读

Black Hat官网地址: https://www.blackhat.com/

会议介绍

BlackHat作为全球信息安全行业的最高盛会,有着悠久历史,今年已经进入了第21个年头,每次会议的议题筛选都极为严格。众多议题提交后通过率不足20%,所以Black Hat也被称为最具技术性的信息安全会议。

安全客在本届BlackHat会议上,邀请了众多参会的安全大牛,在大会现场同步和大家分享看到的精彩议题。

时间:2018年8月8日-9日 议题速递――次日上半场 Stop that Release, There’s a Vulnerability!

演讲人:Christine Gadsby|Director, Product Security Operations, BlackBerry

演讲时间:9:00-9:25

主题标签:Security Development Lifecycle,Enterprise

Software companies can have hundreds of software products in-market at any one time, all requiring support and security fixes with tight release timelines or no releases planned at all. At the same time, the velocity of open source vulnerabilities that rapidly become public or vulnerabilities found within internally written code can challenge the best intentions of any SDLC.

How do you prioritize publicly known vulnerabilities against internally found vulnerabilities? When do you hold a release to update that library for a critical vulnerability fix when it’s already slipped? How do you track unresolved vulnerabilities that are considered security debt? You ARE reviewing the security posture of your software releases, right?

As a software developer, product owner, or business leader being able to prioritize software security fixes against revenue-generating features and customer expectations is a critical function of any development team. Dealing with the reality of increased security fix pressure and expectations of immediate security fixes on tight timelines are becoming the norm.

This presentation looks at the real world process of the BlackBerry Product Security team. In partnership with product owners, developers, and senior leaders, they’ve spent many years developing and refining a software defect tracking system and a risk-based release evaluation process that provides an effective software ‘security gate.’ Working with readily available tools and longer-term solutions including automation, we will provide solutions attendees can take away and implement immediately.

Tips on how to document, prioritize, tag, and track security vulnerabilities, their fixes, and how to prioritize them into release targets

Features of common tools [JIRA, Bugzilla, and Excel] you may not know of and examples of simple automation you can use to verify ticket resolution.

A guide to building a release review process, when to escalate to gate a release, who to inform, and how to communicate.


BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读
BlackHat USA 2018 | 次日议题精彩解读

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles





Latest Images