Browse communities
Browse communities
Presenting a webinar?

The Value of Vulnerability Disclosure

Brian Gorenc, CISSP, CSSLP, Security Researcher with HP DVLabs
What is a vulnerability worth? If you are an attacker looking to launch an attack on an unsuspecting organization, your answer will be very different than the IT administrator running the organization. HP DVLabs runs the Zero Day Initiative, the industry’s leading organization for purchasing and disclosing vulnerabilities. In this unique position the DVLabs team must be keenly aware of both the black market for selling vulnerabilities and exploit information, as well as the potential costs to the enterprise affected by such vulnerabilities. Join Derek Brown, security research with HP DVLabs and liaison for the Zero Day Initiative for session on vulnerability disclosure and why it is so important to the security industry.
Mar 14 2012
43 mins
The Value of Vulnerability Disclosure
More from this community:

IT Service Management

  • Live and recorded (2380)
  • Upcoming (44)
  • Date
  • Rating
  • Views
  • Join us this week for a special 30-minute live session on how RingCentral integrates with Zendesk for improved workflow and increased productivity.

    Tune in every Friday for RingCentral Live. We’ll tour the RingCentral interface, discuss the latest innovations and features available on the RingCentral platform, and share best practices on leveraging cloud communications for your business. This session also features a live demo of RingCentral Office and an open Q&A session led by a Sales Engineer.
  • Sutter Health is a not-for-profit health system serving more than 100 communities in Northern California. Each year its 5,000 physicians care for more than 10 million outpatient visits and discharge more than 200,000 in-patients.

    As healthcare systems transition from “fee for service” to “fee for value” reimbursement models, there is an increasing focus to drive down 30-day re-admission rates, particularly for high risk patients. To this end, Sutter Health is piloting Project RED (Re-engineered Discharge) which leverages predictive analytics to identify high-risk patients and then prescribes alternative discharge workflows aimed at lowering the risk of re-admission.

    Join us as Kristen Wilson-Jones, Sutter RD&D CTO, shares how Sutter Health has leveraged MuleSoft’s Anypoint Platform in an orchestrated plecosystem of technologies to power Project RED by enabling real-time patient risk scoring, clinical workflow management and bi-directional integration with Epic.

    Topics covered
    -------------------
    + How Sutter Health is lowering 30-day re-admission rates by re-engineeing clinical workflows
    + The need for connectivity to enable workflow re-design
    + Best practice in moving from an application-centric to a data object-centric connectivity approach
  • To realize the full benefits of the cloud, you must choose a cloud that fits your needs and supports your organization’s cloud workloads. In this webinar, we will discuss the results of a Forrester Consulting study that show why capacity management is essential to your cloud transformation strategy. You will learn how capacity optimization tools manage workloads in the cloud and help you:

    • Gain visibility into capacity utilization at the resource, service, and business level.
    • Support timely decision-making on IT investments.
    • Increase agility, reduce IT costs, and minimize risks.

    Learn how capacity management will help you understand and optimize your environment to support effective decision-making aligned to business priorities.
  • To realize the full benefits of the cloud, you must choose a cloud that fits your needs and supports your organization’s cloud workloads. In this webinar, we will discuss the results of a Forrester Consulting study that show why capacity management is essential to your cloud transformation strategy. You will learn how capacity optimization tools manage workloads in the cloud and help you:

    • Gain visibility into capacity utilization at the resource, service, and business level.
    • Support timely decision-making on IT investments.
    • Increase agility, reduce IT costs, and minimize risks.

    Learn how capacity management will help you understand and optimize your environment to support effective decision-making aligned to business priorities.
  • Link-Solutions is comprised of hand-held test and cloud based reporting. On the hand-held test side LinkSprinter and LinkRunner AT perform varying levels of testing capability but both offer automated reporting to the same Link-Live Cloud Service. Within the Link-Live Cloud Service dashboard you’ll see every test appear on the dashboard as it occurs providing better job visibility and project control as you can easily keep track of who is testing what, where and when. Attend this webcast to find out how this adaptable toolset can help your organization
  • This webinar will show you how we used some specific tools and techniques to identify where problem management was failing and how a poor incident management process was the root cause.
  • Gartner has predicted 18-20% growth in SaaS market, and expects it to hit US $22.1 billion by the year 2015. They have also measured that SaaS adoption rate has increased many fold in the last few years (almost 71% of enterprises use SaaS solutions).

    SaaS has come a long way from “hype” to “norm”. The key to this change is the confidence that has been built by the cloud/SaaS community by providing enterprise class security. Since, SaaS model of delivery has become a defacto standard of delivering products it’s critical for software providers to ensure that their SaaS product meets the required industry security standards. In this webinar, we will address the security aspects related to architecture, deployment and management of SaaS solutions.

    Key Takeaways:
    • Security considerations in each of the architecture layers
    • Data isolation risks and mitigation plans
    • Overview of CWE/SANS and OWASP Security threats
    • Data retention and termination policies
    • Infrastructure and cloud related security risks and solutions
  • Ineffective new product development (NPD) pipeline management is a condition that affects many organizations looking for sustainable results from their new product efforts. In most cases, organizations struggle to understand what the symptoms they experience are telling them about their pipeline, and how to focus their energy on initiatives that will make the most impact. In this webcast, CA and Kalypso will review the most common indicators of a faulty NPD process and help diagnose the causes.

    Attendees will learn:
    - The common pain points and symptoms that indicate poor NPD pipeline management
    - Why organizations experience these symptoms, and the underlying causes that produce these pains
    - How to tailor portfolio management principles to treat the symptoms of poor NPD pipeline management, including example that illustrates how portfolio management can drive sustainable results
  • Ineffective new product development (NPD) pipeline management is a condition that affects many organizations looking for sustainable results from their new product efforts. In most cases, organizations struggle to understand what the symptoms they experience are telling them about their pipeline, and how to focus their energy on initiatives that will make the most impact. In this webcast, CA and Kalypso will review the most common indicators of a faulty NPD process and help diagnose the causes.

    Attendees will learn:
    - The common pain points and symptoms that indicate poor NPD pipeline management
    - Why organizations experience these symptoms, and the underlying causes that produce these pains
    - How to tailor portfolio management principles to treat the symptoms of poor NPD pipeline management, including example that illustrates how portfolio management can drive sustainable results
  • There are more costs to your phone system than you think. From capital expenditures to software upgrades, your phone system could be costing you. Join Matt McGinnis, Senior Director of Product Marketing at RingCentral, as he discusses the total cost of ownership (TCO) of an on-premise phone system and how you can see up to a 70% savings on your phone bill.
  • Channel
  • Channel profile
  • The Dark Side of Anonymizers: Protect Your Network from the Unknown Apr 14 2015 5:00 pm UTC 45 mins
    Joanna Burkey, DVLabs Manager, HPSW HPN Security - Tipping Point
    While anonymizers can serve a positive purpose by protecting a user’s personal information by hiding their computer’s identifying information, their use in your network environment can be dangerous. Anonymizers can evade enterprise security devices, and their misuse can make your organization susceptible to malware and unwanted intrusions. Attend this session to learn how you can detect and block elusive anonymizers from wreaking havoc on your network.
  • Anatomy of a Cyber Attack Recorded: Mar 17 2015 45 mins
    Bob Corson, Director, Solutions Marketing, TrendMicro & Patrick Hill, Sr Product Line Manager, DVLabs
    Victims of targeted attacks, or advanced persistent threats (APTs), make the headlines. Attend this webinar to learn how APTs work and how to defend your business from them. Pat Hill, HP TippingPoint Product Manager, and Bob Corson, Director, Solutions Marketing, discuss the anatomy of an attack and why it's critical to detect and isolate the attack at "patient zero," the initial point of infection.

    Attend this webinar to learn:
    · How the bad guys evade your security
    · The counter measures you need to detect and block them
    · How HP TippingPoint and Trend Micro have partnered to neutralize patient zero
  • HP Cyber Risk Report 2015: The Past is Prologue Recorded: Mar 12 2015 28 mins
    Jewel Timpe, Senior Manager- Threat Research, HP Security Research
    In the world of information security, the past isn’t dead; it isn’t even the past. The 2015 edition of HP’s annual security-research analysis reveals a threat landscape still populated by old problems and known issues, even as the pace of new developments quickens. In 2014, well-known attacks and misconfigurations existed side-by-side with mobile and connected devices (the “Internet of Things”) that remained largely unsecured. As the global economy continues its recovery, enterprises continued to find inexpensive access to capital; unfortunately, network attackers did as well, some of whom launched remarkably determined and formidable attacks over the course of the year.

    The 2015 edition of the HP Cyber Risk Report, drawn from innovative work by HP Security Research (HPSR), examines the nature of currently active vulnerabilities, how adversaries take advantage of them, and how defenders can prepare for what lies ahead. Jewel Timpe, HPSR’s senior manager of threat research, describes the report’s findings and explains how this intelligence can be used to better allocate security funds and personnel resources for enterprises looking toward tomorrow.
  • Targeted Attacks - Six Keys for Fighting Back Recorded: Mar 6 2015 65 mins
    Bob Corson, Director, Solutions Marketing, Trend Micro & Patrick Hill, Senior Product Line Manager for HP Enterprise Security
    Target, Sony, Anthem - the biggest recent breaches have taught us all big lessons. Namely, that traditional security solutions are ineffective against advanced threats. And today's targeted attacks not only can rob your organization of sensitive data, customers, reputation - they can cost senior leaders their jobs.

    Register for this session to learn the 6 Keys to Success in Fighting Advanced Threats. Hear first-hand from security leaders at HP and Trend Micro how to:
    - Monitor all attack phases;
    - Mind security gaps;
    - Defeat anti-evasion features & more.
  • Outthinking the Bad Guys Recorded: Feb 6 2015 22 mins
    Art Gilliland, General Manager of HP Enterprise Security Products
    Businesses are spending so much money on security -- almost $47 billion in 2013 -- and yet the number of breaches continues to increase. To mitigate the risks of increasingly sophisticated, innovative and persistent threats, we need to change the way we think about our security programs. In this webcast, Art Gilliland, General Manager of HP Enterprise Security Products, talks about the challenges all enterprises face from the bad guys -- and the critical steps businesses must take to defend against today's most advanced threats.
  • HP TippingPoint—every second matters Recorded: Jan 12 2015 3 mins
    HP TippingPoint
    A next-generation intrusion prevention system (IPS) shouldn't just keep your company safe, it should be quick to implement and easy to manage. HP TippingPoint is the simple, effective, and reliable solution for network security that protects you faster—when every second matters.
    This video explains how TippingPoint stops threats faster. Watch it to learn:
    •How HP TippingPoint provides 80% threat coverage out of the box
    •How most companies install TippingPoint in less than two hours
    •How TippingPoint filters key on vulnerabilities rather than exploits to keep you safer and reduce false positives
  • Protecting your company in a changing threat environment Recorded: Jan 9 2015 4 mins
    John Kindervag, Vice President and Principal Analyst, Forrester Research
    Hackers don't have change management, so they can change and deploy threats faster than companies can respond to them. That's the message of Forrester Principal Analyst John Kindervag in this short but important video. He explores the impact of a changing threat environment and new zero-day threats on cyber defenses.

    View it to learn:
    •Why it's important for security professionals to change their mindset when dealing with the changed threat landscape
    •Why conventional defenses based on exploit signatures no longer work
    •Why context-aware defenses that correlate incoming attacks to outgoing data exfiltration are required for enhanced security
  • Top 5 Security Threats of 2014: How to Protect Yourself for the New Year! Recorded: Dec 11 2014 41 mins
    Joanna Burkey, HP TippingPoint DVLabs Manager
    2014 has been an explosive year riddled with nasty security threats. Some of these you may have heard about like Heartbleed and Shellshock, but others like Sandworm, may have gone unnoticed or worse unprotected on your network. This webcast will offer an explanation of the top vulnerabilities, how they could have infected your network and security precautions to protect your organization. Don’t miss it.
  • Challenges and Solutions for Securing Today's Enterprise Network Recorded: Nov 18 2014 39 mins
    Julian Palmer, Senior Product Manager, HP SW HPN Security - TippingPoint
    As enterprise network design changes and evolves to incorporate mobile devices, BYOD and cloud solutions, the traditional network perimeter is breaking down. All this, while attacks are getting ever more sophisticated. This session will discuss the challenges facing the modern enterprise network, and show how HP TippingPoint network security products offer solutions that can help.
  • Defending the Network in the Battle Against Malware Recorded: Oct 22 2014 49 mins
    Joanna Burkey, HP TippingPoint DVLabs Manager & Russell Meyers, Global Product Line Manager, HP TippingPoint
    With malware and botnets wreaking havoc worldwide, stopping network infiltration and protecting confidential data is proving increasingly difficult. This session introduces you to a triple-threat triple ally against attackers: HP TippingPoint with ThreatDV. Join us and learn how HP TippingPoint and the power combo of ThreatDV, weekly Digital Vaccine package, and reputation feed help networks stay ahead of attacks by blocking infiltration, phone-home, command-and-control, and data exfiltration.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: APJ Recorded: Oct 10 2014 56 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in Asia Pacific and Japan

    The cost of cyber crime is on the rise in the APJ region, according to the 2014 Cost of Cyber Crime study from the Ponemon Institute. Among 30 companies surveyed in Australia, the reported per-company cost for Internet-driven crime was $4 million, up 8.4% from 2013. In Japan, the per-company average hit $6.9 million in the study, up 5.7% from 2013.

    On the more optimistic side, companies in the region are achieving notable ROI for their investments in cyber security solutions. The average ROI for seven security technologies was 16% in Australia and 17% in Japan. For a close-up view of these and other findings from the institute’s research in Australia and Japan, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our APJ Security webinar.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: Americas Recorded: Oct 9 2014 60 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in the Americas

    In the 2014 Cost of Cyber Crime study, U.S. companies reported an average of $12.7 million in losses to cyber crime. That was the highest national average in the study by the Ponemon Institute. Among the 59 U.S. companies in the survey, the average cost of cyber crime climbed by more than 9% over the course of the year.

    Among other findings, the study noted that the most costly cyber crimes are those caused by denial of services, malicious insiders, and malicious code. These threats account for more than 55 percent of all cyber crime costs. For a fuller look at these and other findings from the institute’s study of U.S. companies, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our AMS Security webinar
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: EMEA Recorded: Oct 8 2014 59 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in Europe

    For its 2014 Cost of Cyber Crime study, the Ponemon Institute expanded its focus in Europe to encompass the Russian Federation, as well as France, Germany, and the United Kingdom. Collectively, the institute surveyed 137 companies in Europe in a study that found broad differences in the reported costs of cyber crime across the region. The per-company average ranged from $3.3 million in the Russian Federation to $8.1 million in Germany.

    The study results indicate that over the course of the year, cyber crime rose 20.5% in France, 17.4% in the U.K., and 7.2% in Germany. For a closer look at these and other findings from the institute’ European research, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our EMEA Security webinar.
  • HP TippingPoint is On Your Side When Every Second Matters Recorded: Sep 25 2014 28 mins
    Russell Meyers, Global Product Line Manager, HP TippingPoint
    Security defenses are only effective when you can easily deploy and manage them. HP TippingPoint Next-Generation Intrusion Prevention System and Next-Generation Firewall make it easy. And the TippingPoint Security Management System provides a dashboard to show you the state of your defenses and instantly see attacks that are blocked.

    Every second matters. Watch this interactive demo to learn how:

    · Easy it is to automatically download the latest Digital Vaccine packages to stay up-to-date with the latest security intelligence

    · Simple it is to share security configurations and policies across devices

    · The at-a-glance dashboard effortlessly shows your protection status

    · To automatically create protection, status and network behavior reports
  • Blocking Advanced Threats with a Layered Security Approach Recorded: Sep 18 2014 42 mins
    Joanna Burkey, HP TippingPoint DVLabs Manager & Russell Meyers, Global Product Line Manager, HP TippingPoint
    Threats to the network continually evolve, which makes isolating the victimized “patient zero” machine nearly impossible. Today’s advanced threats require an advanced approach to security. This session explores how HP TippingPoint stops these attacks in their tracks by neutralizing patient zero through behavior, static, and dynamic detection. Join us to learn how this layered security approach is the most effective way to minimize the threat of network infiltration and, when it does occur, protect your infrastructure from further damage.
  • Incident Response Techniques and Processes: Where We Are in the Six-Step Process Recorded: Aug 26 2014 62 mins
    Russ Meyers, Global Product Line Manager for the HP TippingPoint Enterprise Security Management System
    Incident response weighs heavily on the minds of security practitioners today. Prompted by the recent data breaches and attacks plaguing enterprises large and small, a new SANS survey project asked IT professionals to explain what steps they take immediately following a breach and to share how successful those steps really are.

    Tune into Part 1 of the Incident Response Techniques webcast to hear highlights from the survey results and discussion concerning where we are as an industry in a typical six-step incident response process.
  • Odd Todd Deploys TippingPoint Recorded: Jul 24 2014 3 mins
    HP TippingPoint
    View this video to see how easy it is for Odd Todd to deploy TippingPoint.
  • HP Cyber Risk Report Recorded: Jul 23 2014 4 mins
    HP Enterprise Security
    In application vulnerability testing performed by HP, 52 percent of total vulnerabilities found are on the client side, and 48 percent are on the server. That is one of the real-world statistics uncovered by the HP 2013 Cyber Risk Report and summarized in this informative four-minute video.

    The Cyber Risk Report video presents the data you need to separate the hype from the real threats and better plan how to spend your security dollars. View it to learn the most common kinds of attacks and to hear the one lesson learned from the in-depth study of the 2013 attack that took down South Korean Banks.
  • Role of Research in Stopping Security Threats Recorded: Jul 1 2014 22 mins
    Jennifer Ellard, HP, Patrick Sweeney, Dell, Robin Layland
    Jennifer Ellard from HP, Patrick Sweeney from Dell and Robin explore what role research by security vendors plays in stopping threats. Issues examined include the definition and importance of good research and how vendors shine and fall short. The discussion then moves on to selecting a security solution that is backed by world-class research.
  • Preparing for Zero-Days and Emerging Threats - Where Effective Security Counts Recorded: Jun 24 2014 35 mins
    Joanna Burkey,HP TippingPoint DVLabs Manager
    Staying ahead of the bad guys requires two things: a good plan and a good partner. Your security plan must be robust, flexible, and responsive. Your partner must do the heavy lifting, so your team can concentrate to what matters most to your business. HP Security Research Zero-Day Initiative has more than 3000 security researchers looking for vulnerabilities in the software you rely on. Once they are found, HP TippingPoint DVLabs pushes out weekly digital vaccine packages to proactively protect customers from emerging threats.
    But staying protected isn’t just a numbers game.

    Attend this webinar to learn:
    • How we develop “virtual patches” that block any attempt to exploit the vulnerability rather than simple filters to block individual exploits
    • How our approach reduces false positives
    • How the HP Security Research and DVLabs team keeps them out to let you rest easier
Delivering Advanced Network Defense to the Enterprise
This channel covers the latest topics in network security, virtualization security, and threat research from HP TippingPoint and HP DVLabs to help security professionals protect their network against ever-evolving threats

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Value of Vulnerability Disclosure
  • Live at: Mar 14 2012 4:00 pm
  • Presented by: Brian Gorenc, CISSP, CSSLP, Security Researcher with HP DVLabs
  • From:
Your email has been sent.
or close
You must be logged in to email this