Today we (Deloitte) hosted the ISGA (formerly WhiteHat) meeting. I was in charge from Deloitte's side. Apart from a few hiccups related to broken amps and late coffee it went off fairly smoothly. I got the chance to present, my presentation was entitled: "Threat Monitoring: Reading Risk the Wrong Way".
It basically provides a justification as to why threat monitoring is important, and how people ignore the "threat" component of the risk equation. A component of threat monitoring is having decent threat models. For this I discussed how security researchers have gotten the vulnerability life cycle wrong, and provided a corrected model based on combining the conclusions of several researchers.
The slides can be found here.
Schneier once proposed a vulnerability life cycle in a Crypto-Gram newsletter. However, during the time of writing my thesis, there were several important pieces of research no-one had put together to come up with a 'more correct' vulnerability life cyc
Tracked: Jul 19, 13:08