#firstcon13

25 June 2013 at 3:31pm

Bug Bounties

Andrew Cormack
Software Vulnerabilities
incident response
#firstcon13
Bug bounty schemes have always been controversial. In the early days of the Internet someone who found a bug in software was expected to inform the author and help fix it, as a matter of social responsibility. Suggesting that those researching vulnerabilities be paid for their time and effort seemed rather grubby. Unfortunately not everyone shared those scruples.
Read more
25 June 2013 at 3:30pm

Sharing to Win Privacy

Andrew Cormack
Data Protection Regulation
Privacy
ePrivacy Directive
incident response
#firstcon13
The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, then those laws are working directly against the privacy they are supposed to be protecting.
Read more
18 June 2013 at 3:17am

Uncertainty, Risk Assessment and Breach Notification

Andrew Cormack
Breach Notification
Data Protection Regulation
incident response
#firstcon13
Two talks on the first day of the FIRST conference highlighted the increasing range of equipment and data that can be found on the Internet, and the challenges that this presents both for risk assessment and, if incidents do happen, assessing the severity of the possible breach and what measures need to be taken.
Read more
Subscribe to #firstcon13