Conference:  Defcon 31
Authors: RenderMan His Holiness, Pope of the Church of Wifi, Thomas Dang

Post 9/11, the phrase "If you see something, say something" became ubiquitous. If you saw something of concern, it was better to report something that turned out to be nothing than to let something bad happen. The problem is that no one told the authorities that this should apply to the online realm too. Threats of arrest and criminal investigations have the opposite effect and chill anyone from wanting to report security vulnerabilities that affect everyone. A lack of clear reporting paths, misunderstandings, jurisdiction issues, superseding laws, and good old-fashioned egos can turn trying to do the right thing into a nightmare that can cost livelihoods, reputation, criminal charges and even worse, particularly when government systems are involved. This talk will cover the presenters' personal experiences with poorly written or entirely absent vulnerability disclosure policies in their governments, and what it cost them in trying to make things better. The presentation will then move to a discussion of what should be done, and what is being done, to make sure that reporting a vulnerability doesn't cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers who want to make it safer to report the issues they find by advocating for changes.
Authors: Greg Kroah Hartman, Philippe Ensarguet, Gabriele Columbro, Sachiko Muto

The EU Cyber Resilience Act aims to address a vital need for improved security across the software supply chain, but there is broad consensus that, in its current draft, it risks imposing an undue burden on individuals and non-profit organizations, with the risk of stifling European open source innovation and causing ripple effects across its global ecosystem. We welcome representatives from all the different constituents of the community, from individual maintainers to companies consuming and contributing to open source, and from representatives of the public sector to open source foundations, to join us for an open discussion to learn more about the real-life impacts of the CRA and where we go from here.