Vulnerability Management in Software: Before Patch Tuesday
Thursday, July 16, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A
Vulnerability Management in Software: Before Patch Tuesday - by Kymberlee Price
Vulnerability Risk Management 2.0 - by NopSec
The Secure Development Lifecycle (SDL) does not end when a product releases. Implementing SDL practices during design and development will improve your software quality but will never make it perfect; vulnerabilities will continue to be identified in your code or in the third-party libraries that ship in your product. How you handle those vulnerabilities is crucial to the security of your customers (and can keep your company from ending up on the news for the latest 0-day). Learn about current vulnerability trends, practices and tools that can help developers, security response teams, and network administrators understand and effectively mitigate risk in their environments, and how to measure and report on vulnerability management KPIs to leadership, all without requiring a data science degree.
Kymberlee Price, Bugcrowd, has over 12 years of experience in the information security industry. Kymberlee pioneered the first security researcher outreach program in the software industry. Price later was a principal investigator in the Zotob criminal investigation, and analyzed APTs at Microsoft. She then spent 4 years investigating product vulnerabilities in BlackBerry's Security Response Team followed by an offensive security role as the Director of the Synack Red Team. Today she is responsible for directing the efforts of Bugcrowd's global team of more than 16,000 security researchers, optimizing vulnerability reporting performance for customers and researchers, and aiding 'the Crowd' with ongoing skill development and overall success in Bugcrowd programs.
Steve Garrett is Director of Product Management at NopSec where he brings nearly 20 years of experience overseeing product roadmap development, technology implementations, and Total Customer Experience programs across the information security industry. Prior to NopSec, Steve led product management for RSA's SIEM, Network Forensics, and Incident Detection technologies. He holds a B.S. from the University of Texas.