Fear, Loathing and ThreadFix: 2012 BlackHat and BSidesLV Recap

Hopefully everyone is recovering from their week in Las Vegas for BlackHat, BSidesLV and DefCon. I had a great time out there, although this year I might have been Patient 0 for the ConFlu so I had to take it easy from Wednesday on. Probably for the best.
I had a blast presenting with Josh Sokol at BSidesLV 2012 on his new concept of “Symbiotic Security,” looking at ways security tools should be able to communicate with one another. You can see our slides online here:

We had some really good questions about the wisdom of automating virtual patching and other security system interactions. The point we were trying to make was less about promoting specific interactions between tools and systems and more about having the open communication capabilities that make those sorts of interactions possible. (Josh and I will also be giving an updated version of the talk at HouSecCon on October 11th, 2012.)
The BSidesLV guys are lightning-fast getting videos online, so you can also see Josh's and my actual presentation on YouTube here:

We were also fortunate enough to be able to showcase ThreadFix at the BlackHat Arsenal. This was really valuable as it gave us the opportunity to talk to a lot of folks who had been beta testing ThreadFix to get their feedback. We also got to meet a lot of new folks to talk about how ThreadFix might be valuable in their environments. Many thanks to the BlackHat and Netpeas folks for the opportunity to participate.
dan _at_ denimgroup.com

About John Dickson

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd, the parent company of ThreadFix. He has more than 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSO's) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.