Feature: Defenders, please stand up -- Largest information security event calls for stronger collaboration

Source: Xinhua| 2018-08-11 20:40:36|Editor: mmm
Video PlayerClose

by Xinhua writer Guo Shuang

LAS VEGAS, the United States, Aug. 10 (Xinhua) -- "If you identify as a defender, if you fix bugs, if you've written fuzzers, if you've developed mitigations and existing projects, if you've improved vulnerability response ... please stand," Google "Security Princess" Parisa Tabriz said at the Black Hat USA 2018, taking place this week in Las Vegas.

In the obscure places in the sports arena of the Mandalay Bay Resort, where the largest annual information security event held, more and more people, who have not gotten the recognition they deserve, stood up.

"Your work is the type of work that normally doesn't get headlines, but thank you for being an unsung hero for user security," said Tabriz, the Google director of engineering and the head of the company Project Zero security team.

Technology and the free flow of information has rapidly changed the world forever. Along with that change came the frightening thought of knowing that no technology is absolutely safe. There is no doubt that security has become a foundational technology.

Interconnected networks, billions of lines of ever-evolving code, third party dependencies and legacy requirements, competing priorities ...these are just a few of the challenges that are familiar to security professionals, and that doesn't even include the social and communication barriers or endless philosophical debates.

Delivering this year's keynote, Tabriz, who has worked in security now for over a decade in a number of different roles, said that transparency and collaboration are key in shortening patch times for bugs.

The world's leading information security event this year called for more collaboration in the industry to continue making progress against ever-increasing cyber threats.

The conference drew more than 17,000 attendees last year, and up to 112 countries had sent at least one attendee this year, according to Jeff Moss, the founder of Black Hat and DEF CON.

"The community or the industry is at the final exams stage," Moss told the attendees at the opening of the conference. "It's like we've matured enough that world events now have caught up with us and we are now being tested: are we as good as we say we are?"

"The industry is benefiting from the growing need of cyber security solutions and services in the defense," Wang Qi, founder and CEO of The KEEN Team, a white-hat hacking collective in China that organizes annual GeekPwn competitions, told Xinhua.

Cybersecurity Ventures predicts global spending on cybersecurity products and services will exceed 1 trillion U.S. dollars cumulatively from 2017 to 2021.

North America and Europe are the leading cybersecurity revenue contributors, according to a report from TechSci Research, but Asia-Pacific is rapidly emerging as a potential market for cybersecurity solution providers, driven by emerging economies such as China, India and South-East Asian countries.

The Six-day Black Hat USA 2018 is followed by DEF CON, which is the world's longest running and largest underground hacking conference that started in 1992 also by Moss.

DEF CON has been held in Las Vegas for the past 25 years, which has came to Beijing in May in the partnership with the internet security arm of Baidu, China's search engine giant.

"We have to be more collaborative in our approach to defense," said Baidu President Zhang Yaqin, adding: "What we can get from truly working together I believe is a better defense."

Based on various external data points and a variety of internal tests the cost to build exploits across a number of high-profile targets has increased, according to Tabriz. "That's thanks to lots of people working together to tackle root causes of bad security," she said.

Google Project Zero, founded in 2014, has since then has reported over 1,400 vulnerabilities. It has taken important steps to proactively address software flaws, including the introduction of a 90-day disclosure policy for vulnerabilities.

"We rely on everyone working in technology to clear the path for a safer future," said Tabriz. 

TOP STORIES
EDITOR’S CHOICE
MOST VIEWED
EXPLORE XINHUANET
010020070750000000000000011100001373837321