Advertise

Vulnerabilities / Threats //

Advanced Threats

8/14/2015
09:00 AM

Sara Peters
Slideshows

Connect Directly

1 Comment
Comment Now

View From The Top: Government’s Role In Cybersecurity

At the DarkReading News Desk, live from Black Hat, industry experts Dan Kaminsky, Richard Bejtlich, Katie Moussouris, Paul Kurtz, and Rod Beckstrom talked about how government is hurting and could be helping infosec.

5 of 6

Katie Moussouris

On the topic of how the proposed updates to the Wassenaar Arrangement -- that limit the export of "intrusion software" -- would inhibit the security professionals who need to protect against zero-day exploits, but fail to inhibit those who create such exploits, Katie Moussouris, chief policy officer of HackerOne said:

"Hacking Team was such a treasure trove of information. But what is especially interesting in terms of export controls is that they have lawyers, they did consult with their lawyers, they have a means to apply for export licenses in their own country, and there are a number of ways they could legally obtain export licenses for their software or use resellers that reside in other countries.

"So the folks that were targeted, who were making the software that was targeted by this regulation, have multiple means of getting around it, whereas the defense end of things and the folks who are not building this type of software but unfortunately are caught in that language dragnet really are the ones that are suffering, and as a result, defense of the Internet as a whole is suffering."

(See also Moussouris' blog on Dark Reading, "Mad World: The Truth About Bug Bounties," a response to Oracle CSO Mary Ann Davidson's short-lived rant about reverse engineering and vulnerability disclosure.)

5 of 6

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

50%

Joe Stanganelli,
User Rank: Ninja
8/24/2015 | 4:52:29 PM

Katie Moussouris

I had the pleasure of seeing Katie Moussouris speak on a cybersecurity panel at an event in Boston in November. She is definitely all about reducing restrictions (legal and otherwise) that disincentivize white-hat hackers -- and had a lot to say about how companies can improve their security posture by welcoming security researchers who discover exploits in their software with open arms (citing her former employer, Microsoft, as a great example of this in how the company handled hacking group Last Stage of Delirium's exploitation of the Blaster worm (the company hired them)).

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Black Hat Europe 2021 - November 8-11 - Learn More

SecTor - Canada's IT Security Conference Oct 30-Nov 4 - Learn More

@Hack - November 28-30, 2021 Saudi Arabia - Learn More

More Informa Tech Live Events

White Papers

Zero Trust and the Power of Isolation for Threat Prevention

Digital Transformation and Data Security

The Transition to Empowered Enterprise Authentication

360 Analytics for a Resilient SOC

The Dirty Dozen: The Truth About Privacy Preserving Techniques and Technologies

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Enterprise Cybersecurity Plans in a Post-Pandemic World

Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of Ransomware

Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!

Download Now!

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem

0 comments

The Impact of a Security Breach 2017

0 comments

[Strategic Security Report] Assessing Cybersecurity Risk

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-21547
PUBLISHED: 2021-09-17

Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.

CVE-2020-21548
PUBLISHED: 2021-09-17

Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.

CVE-2021-39218
PUBLISHED: 2021-09-17

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger ...

CVE-2021-41387
PUBLISHED: 2021-09-17

seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.

CVE-2021-41390
PUBLISHED: 2021-09-17

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]