If you don't care about a vulnerability, why should I? (Keynote)
James Forshaw | TBC
Abstract
As a security researcher, after spending time finding a vulnerability in a product the worst response from a vendor is a simple "Won't Fix". Vendor security response is a difficult and expensive process, so sometimes they would rather not fix something they don't view as a security risk. But is that the wrong decision? This keynote will go through some of the bugs I've discovered over many years that have received this designation, their subsequent life afterwards and what you can do to benefit from the vendor's decision.
The Speaker(s)
James Forshaw
James is a security researcher in Google's Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he's been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. He's also the author of two security books "Windows Security Internals" and "Attacking Network Protocols", both available from NoStarch Press.