Jeremiah Grossman here. BlueHat is one of my favorite conferences of the year, and it’s one of the few I’ve consistently kept coming back to. The organizers put together an amazing event with consistently top-quality content, where the attendees are not only security people, but a legion of software developers who have a genuine interest in security -- because their employer (Microsoft) does. Interacting with the BlueHat crowd provides a unique opportunity where conversations can have huge impact. These are the people that make Windows and Internet Explorer after all. They supply development tools to millions who code on those platforms. If you want a feature or something changed relating to security, or learn how something works, these are the folks to talk to.
For me, this year just got that much better. Yesterday, there was a Web Application Security Summit, where I was asked to kick things off. I used this time to impart some of my knowledge of the space gained over the last ten years about what’s really going on out there in terms of vulnerabilities -- backed by statistical data of course. I described what issues are most common across the Web, how many of them get fixed and how quickly, which tend to get exploited and how.
This was also my chance to articulate the technology and policy challenges we currently face in such a way that those in the audience, hopefully those smarter than myself, can find new ways to overcome them. Challenges like, “how do we go about dealing with the trillions of lines of vulnerable code already in circulation?” and “how do we measurably increase the security of new code going into the system?”
As our lives become increasingly dependent on the Web, the subject of “security” is something that is important to us all.
Jeremiah Grossman is the Founder and CTO of WhiteHat Security, where he is responsible for Web security R&D and industry outreach. Mr. Grossman has written dozens of articles, white papers, and is a published author. His work has been featured in the Wall Street Journal, NY Times and many other mainstream media outlets. As a well-known security expert and industry veteran, Mr. Grossman has been a guest speaker on five continents at hundreds of events including BlackHat, RSA, ISSA, and others. He has been invited to guest lecture at top universities such as UC Berkeley, Stanford, Harvard, UoW Madison, UCLA, and Carnegie Mellon. Mr. Grossman is also a co-founder of the Web Application Security Consortium (WASC) and previously named one of InfoWorld's Top 25 CTOs. Before founding WhiteHat, Mr. Grossman was an information security officer at Yahoo!
I remember the BlueHat conference where Hyper-V root kits were tested. Interesting what people can do with software :-)