The Value of Vulnerability Disclosure

Brian Gorenc, CISSP, CSSLP, Security Researcher with HP DVLabs
What is a vulnerability worth? If you are an attacker looking to launch an attack on an unsuspecting organization, your answer will be very different from that of the IT administrator running the organization. HP DVLabs runs the Zero Day Initiative, the industry’s leading organization for purchasing and disclosing vulnerabilities. In this unique position the DVLabs team must be keenly aware of both the black market for selling vulnerabilities and exploit information and the potential costs to the enterprise affected by such vulnerabilities. Join Derek Brown, security researcher with HP DVLabs and liaison for the Zero Day Initiative, for a session on vulnerability disclosure and why it is so important to the security industry.
Mar 14 2012
43 mins
More from this community:

IT Service Management

Webinars and videos

  • Join us for a 30-minute live session every Friday, where we’ll tour the RingCentral interface, discuss the latest innovations and features available on the RingCentral platform, and share best practices on leveraging cloud communications for your business. This session features a live demo of RingCentral Office and an open Q&A session led by a Sales Engineer. This week tune in and learn how your employees can hold multi-point HD video meetings around the world, anytime and anywhere with RingCentral Meetings.
  • Join salesforce.com customer kCura as they describe the value of having a communities platform to create frictionless service experiences with law firms, government agencies, and litigation service providers. Learn how a self-service community experience enables customers to help each other and themselves, letting service teams focus on the big issues. All of these benefits ultimately translate into a frictionless and unified experience for all their customers!

    George Orr is the VP of Client Services for kCura. He leads strategic and implementation initiatives designed to enhance the online experience of customers.
  • Over the past several years, ITSM has evolved dramatically. What was considered mature and effective Service Management a short time ago is barely sufficient today. Does this get you thinking about what is next for ITSM and whether your Service Management solution is the one to take you to the next level? Good! Let’s get together and talk about it. We will look at industry best practices, lessons learned and what you should consider in your future plans to get to the next frontier of ITSM.

    Join George Spalding, Executive Vice President of Pink Elephant, as he presents his thoughts about how we got HERE and what he believes are the next best moves to get us THERE – in the future of ITSM. George Spalding won the 2012 Ron Muns Lifetime Achievement Award from HDI, is one of the world’s most insightful IT Service Management and Support experts and has spent several years as a consultant to the White House, the Smithsonian Institute, and the Federal Bureau of Investigation. George is an ITIL Expert, he is a regular author of IT articles and white papers, and is a presenter at global ITSM conferences and events.
  • The Operations Bridge is “the” solution for IT Operations to effectively address the challenges they face when it comes to managing the new style of IT: complex composite applications, virtualized environments, cloud-based services, big data, and a variety of management solutions from different vendors. In this session, you will learn how the HP Operations Bridge solution allows you to take up those challenges and consolidate all your existing IT monitoring solutions, providing a unique solution to maximize efficiency and improve runtime and performance of your IT services.
  • Enterprises are realizing that the opportunity of data analytics is maximum when the data is fresh and represents the "current reality" of operations or customer experience. The business value of data dramatically falls with its age.

    As IT and line-of-business executives begin to operationalize Hadoop and MPP based batch Big Data analytics, it's time to prepare for the next wave of innovation in data processing.

    Join this webinar on analytics over real-time streaming data.

    You will learn about:
    • How business value is preserved and enhanced using Real-time Streaming Analytics with numerous use-cases in different industry verticals
    • Technical considerations for IT leaders and implementation teams looking to integrate Real-time Streaming Analytics into enterprise architecture roadmap
    • Recommendations for making Real-time Streaming Analytics – real – in your enterprise
    • Impetus StreamAnalytix – an enterprise ready platform for Real-time Streaming Analytics
  • Problem Management is a game changer. It is critical in developing real quality in service delivery. However, very few organisations actually get this aspect of ITSM working well.

    This fourth session in the ITSM Goodness series will look at how we spend too much time focussing on efficient ‘fire-fighting’ (Incident Management), rather than looking at avoiding recurrence or eradicating faults altogether - ultimately a better solution for customer and provider alike. Often there are some simple misunderstandings around what Problem Management is or what is required to make it work. Also it can be difficult to find the right people to make Problem Management happen, particularly as it is not a simple linear process that can be ‘industrialised’ like Incident Management. This session provides simple clear guidelines on what is needed and how to make Problem Management work well for your organisation.

    This 8-part monthly series is designed to provide real-time value to newcomers and take to the next level those already familiar with the approach.

    ITSM Goodness is an approach created by Barclay Rae to deliver practical, proven, successful and accessible advice and guidance for ITSM and IT professionals. The focus is clear and simple – on achieving the right business outcomes from IT, and how this is delivered, via the Customer Experience.
  • The foundation of success for any company is an outstanding customer experience, but we all know the journey toward creating an amazing service culture is a challenging one. While a great culture doesn’t happen overnight, it IS attainable (really!) with the right approach. Join Joel Daly, HOSTING’s COO, as he discusses HOSTING’s journey: the obstacles, the companies we admire, and the process we undertook to reach excellent service.
  • For many IT Service Organisations the selection of their ITSM toolset is one of the most important, and expensive, decisions they can make, causing huge disruption and extra work as staff are moved from one system to another. The ITSM toolset is like the engine that drives an IT department and its ability to ensure work is prioritised, integrated and moved between support teams. It is utterly critical to the running of an IT department, but if it's so important, why do so many IT departments only keep a toolset for 3-5 years before moving to another one and starting the process again?

    Join Peter Hubbard, Principal ITSM Consultant at Pink Elephant, as he shares his experiences on what happens during an ‘out of the box’ toolset implementation program, along with his advice and guidance on avoiding typical pitfalls that many implementations could easily avoid.

    Learn about the critical importance of People, Process and Product working in harmony to make sure that your toolset selection and implementation program delivers real business value quickly.

    Learn why ‘Out of the box’ is a dangerous phrase, and there is no such thing in the real world. Peter will be joined by Michael Jenkins, a veteran toolset implementer with over 20 such projects behind him, as they discuss what happens in an ‘out of the box’ implementation.

    They will discuss how to pick a toolset, the value of use cases, what happens on the vendor ‘demo day’ and what sort of actions you can be undertaking prior to the chosen vendor starting their implementation in order to speed up the process and make sure that your most expensive ITSM decision returns real value.
  • There’s a sea change taking place in service and how consumer ‘journeys’ are taking place. Howard Kendall, founder of the SDI, has spent much time keeping track of what is really going on, how customer expectations are changing, and how we can leverage this in the service desk industry.

    Join Howard for an informative discussion on how service desk can successfully rise to the challenge of delivering excellent customer service, meeting, and possibly surpassing, the expectations of the customers they support. Howard will provide some top tips that will help to win the hearts and minds of service desk customers and build stronger relationships with end-user constituents, elevating the position of the service desk within the IT organisation.
  • Security Without Compromise: One Approach for the Financial Services Industry Recorded: Apr 15 2014 34 mins
    Learn from ING how one of the largest financial services corporations implemented ReputationDV (RepDV) from HP TippingPoint to proactively secure their network without compromising performance. RepDV, a security intelligence tool, monitors inbound and outbound communications to identify and block undesirable hosts. Updated every two hours, this robust security intelligence feed searches through hundreds of thousands of known malicious IPv4, IPv6, and DNS names and assigns a threat score of 1 to 100. Rated based on the analysis of the source, category, or threat, this score helps block traffic that poses a potential security risk. ING has had amazing success with HP TippingPoint RepDV:
    - 2 million connections blocked in 15 months
    - 75% decrease in total malware related incidents
    - 0 false positives
    ING will cover how deploying HP TippingPoint security intelligence helped simplify their network security strategy while increasing reliability and effectiveness.
  • Beyond best practices – Lessons from the HP Cyber risk report Recorded: Mar 25 2014 37 mins
    The complexity and difficulty of securing enterprises only grows with the passage of time. However, with the right information, organizations can significantly reduce their attack surface, substantially mitigate risks, and prevent the losses and damages associated with successful attacks. To that end, we examined the areas that significantly contributed to the growing attack surface in 2013. Come learn what those are and what – beyond standard best practices – you can do today.
  • Why You Need a Next Generation Firewall Recorded: Mar 3 2014 3 mins
    Next-generation (NG) firewalls, with features such as deep packet inspection, intrusion detection, application identification, and granular control, are important weapons in the battle against hacking and malware. Mobile applications have taken the overall scheme of corporate IT, and NG firewalls enable organizations to incorporate full-stack inspection to support intrusion prevention. This white paper explores the reasons for implementing NG firewalls and lays out a path to success for overburdened IT organizations.
  • Why you need to reconsider the OLD approach to Network Security Recorded: Feb 20 2014 42 mins
    Think your current approach to network security is lacking the next generation approach? You might be right! Join us for this webinar where Chris Rodriguez, Senior Analyst at Frost and Sullivan, will share current best practices in network security. He’ll cover approaches to network security hardware and software that will help your organization plan for the evolving threat landscape. Marco Ginocchio, Director of Regional Product Management from HP, will discuss how some of the next generation approaches to network security are being actualized in HP TippingPoint products.
  • Threat & Risk Management: Custom Digital Vaccine Creation Recorded: Feb 20 2014 48 mins
    HP TippingPoint DVLabs is on your side with over 8,600 filters right out of the box. These filters are focused on vulnerability and blocking all potential exploits on your network. But what if you need a custom filter for your network? Watch Steve Povolny, manager of the Digital Vaccine team at HP TippingPoint, share best practices on how to follow the research, develop the filter, and test the performance with DV Toolkit. HP TippingPoint DVLabs allows organizations to tailor their network security strategies to even the score over the adversary.
  • Forrester's Take on the Next-Generation Firewall Market Recorded: Feb 10 2014 4 mins
    Watch this video to hear what John Kindervag from Forrester Research has to say about next-generation security.
  • Develop knowledge-based security using Zero Trust Recorded: Jan 22 2014 33 mins
    Threats are constantly mutating. Bad actors are everywhere. You could be attacked at any time from any direction. No longer are cyber attacks limited to external "hackers." All of these things make the security professional's job much harder. To properly protect your organization's digital assets, you must transform your organization so that you can protect against all types of threats. By leveraging the concepts of Forrester's Zero Trust Network, you can build a secure network that you know is robust, agile, and able to meet the challenges of mutating threats. We call this "Knowledge-based Security". By leveraging the information, visibility, and proactive protections provided by Zero Trust, you can have the knowledge that you are providing your organization with state of the art protection.

    Additionally, you’ll hear from HP’s Senior Director of Network Security Product Management, Anthony Woolf, about how HP is providing zero-trust related capabilities through the HP TippingPoint IPS and NGFW devices.
  • How to Capture, Label, and Detect through a DNS Markov Model Recorded: Jan 16 2014 37 mins
    Quantifying which DNS hosts are unknown or infected is a complex undertaking. Building a Markov Model allows organizations to create data driven decisions based on calculated benchmarks to eliminate the guessing and diagnose infected hosts. Attend this webinar and see firsthand how the DVLabs organization custom builds a DNS Markov Model that allows for easier detection that will help you understand what is infected and what isn’t.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Asia Recorded: Oct 31 2013 60 mins
    2013 Cost of Cyber Crime Study: Australia & Japan

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for Australia and Japan. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 64 Australian and Japanese organizations participated. According to the findings, cyber attacks increased 12 percent in Australia and 32 percent in Japan. The costs associated with this increase in Australia were $772,903 and ¥265 million in Japan. Findings from the report also show that each week Australian and Japanese organizations experienced on average 1.4 successful attacks per company.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Europe Recorded: Oct 30 2013 62 mins
    2013 Cost of Cyber Crime Study: UK, Germany & France

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for the United Kingdom and Germany. For the first time, the research was conducted in France. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 110 UK, German and French organizations participated. According to the findings, cyber attacks increased 16 percent in the UK and 21 percent in Germany. The costs associated with this increase in the UK and Germany were £904,886 and €830,169, respectively. For the first time, it was determined that the average cost of a cyber attack in France was €3.89 million. Findings from the report also show that each week UK and German organizations experienced on average 1.3 successful attacks per company. French organizations experienced an average of 1 cyber attack per company.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Americas Recorded: Oct 29 2013 61 mins
    Join us for the 2013 results presentation of the 4th Annual Cost of Cyber Crime Study, conducted by Ponemon Institute and sponsored by HP Enterprise Security. This study, based on a benchmark sample of U.S. organizations, shows that cyber attacks not only increased 12 percent last year, the costs associated with those attacks increased by an average of 26 percent or $2.6 million per organization. Findings from the report also show that each week, an organization can expect two of the many cyber attacks launched against it to succeed.

    Join us for this important webinar and learn how:
    • All industries and all sizes of organizations fall victim to cyber crime, but to different degrees.
    • Denial of service, malicious insiders and web-based attacks comprise the most costly crimes.
    • Attacks can be mitigated by SIEM, enterprise governance, application security testing and other prevention-focused strategies and technologies.
  • Analyst Webcast: Not your Father's IPS: SANS Survey on Network Security Results Recorded: Oct 29 2013 54 mins
    Changing threats, business processes and technology call for a new look at network security and how it interacts with our intrusion prevention systems. But just what are the next-generation intrusion prevention systems we need to meet those threats, and what do your peers think should be in them?

    Join us for this Webcast, in which we unveil the results of our network security survey, to learn:

    • How you compare with your peers in management support for network security
    • Where you stand in IPS deployment vs. your peers
    • What features your peers would like to see in next generation IPS
    • Which elements, such as firewalls, routers, switches and clients they would like to see as part of a next generation fabric-based IPS.
    Register for this webcast and be among the first to receive access to a complimentary whitepaper on the same subject developed by Rob Vandenbrink.
  • Threat Central – Cloud based Threat Intelligence Sharing Recorded: Oct 9 2013 24 mins
    In the new generation of cyber defense, security intelligence becomes a key element. Recent technology advances provide the foundation for a new type of threat intelligence sharing platform to organize, collaborate, and manage risk more effectively. This sharing platform makes your security program more effective with actionable protection.
  • The lost art of vulnerability research Recorded: Oct 2 2013 51 mins
    What grade would you give your company on using vulnerability research to protect your organization from new security threats?
    If not an A+, learn best practices from Frost and Sullivan’s Chris Rodriguez, senior industry analyst on network security.

    In this webinar, we’ll discuss current threats that have been mitigated by leading vulnerability research and share how timely vulnerability research can help your organization prepare.
  • Cutting Through the Hype: What Is True “Next Generation” Security Recorded: Aug 13 2013 47 mins
    Organizations are struggling with new and more sophisticated threats, borderless networks, increased bandwidth requirements and more applications spread throughout the entire data center. A wealth of vendors are claiming to offer “next generation” security capabilities to address every security need under the sun. Cut through the nomenclature to learn what “next generation” really means and how it can actually help you meet today’s challenges head on and ignore all the hype.
  • Top 10 Tips to be Compliant and Secure Together Recorded: Jan 17 2013 45 mins
    Compliance and security are better together and there are tools and resources that can be combined to achieve both. Learn the top 10 tips - such as continuous monitoring, assessing the controls, and cost-effective audit logs - to understand and implement best practices of compliance and security together.
  • Modular Security For Today’s Cyber Threats and Cloud-Based Data Centers Recorded: Jan 17 2013 49 mins
    Network security is not just about eliminating bad traffic, it is also about making sure applications and critical data are always available to the right audience at the right time. The right network security architecture can provide security for physical assets, but also extend protection for virtual and cloud computing infrastructures without impacting performance. In fact, unlike in the past, a network security product should never be considered a bottleneck due to deep packet inspection, but should actually be capable of improving bandwidth and performance.

    About the Presenter:
    Sanjay Raja, Director of Product Marketing for HP TippingPoint, is responsible for marketing of HP TippingPoint’s Network and Cloud Security solutions. He has over 12 years of experience in various Product Marketing, Product Management, and Alliances roles primarily in IT Security. He has been in the IT industry for the last 18 years with experience in Security, Networking, Servers and Storage and Network and Application Performance Testing. In addition he has authored several papers and presented at various industry events on security, compliance and testing. Prior to HP he has worked at Cabletron Systems, 3Com, Nexsi Systems, Spirent Communications, Top Layer Networks, Symantec and most recently Crossbeam Systems. Sanjay currently holds a B.S.EE and MBA from Worcester Polytechnic Institute.
  • Social Networking: Risky for the Enterprise? Recorded: Sep 6 2012 49 mins
    Social networking for most of us is becoming wrapped into our DNA. This is especially important for the next generation workforce. Additionally, the employees today and those of tomorrow will expect the capability to blog and social network with corporate assets and corporate bandwidth. Additionally, these technologies are being widely used for corporate marketing and communication. That is why it's important to look at all aspects of securing your infrastructure and more importantly, the people that drive your organization today. This involves educating people, corporate process and the right security technologies. The following session will cover the benefits and the security risks inherent in social networking across all business verticals. Additionally, the author will provide a use case analysis of information that is gathered via web beacons that harvest information unbeknownst to the user.
  • Understanding Vulnerabilities to Better Mitigate Threats Recorded: Jun 21 2012 45 mins
    Vulnerabilities that exist in today’s commercial and custom software are the primary target for attackers. The most severe of these vulnerabilities are those that can result in remote code execution – that is, an attacker can take complete control of another system for the purposes of stealing information, defacing property or just causing trouble. In this session, Brian Gorenc will demonstrate how to analyze a vulnerability and the steps required to weaponize it. Centering on a vulnerability in a Microsoft application, the demo will show you how an attacker can quickly move from proof-of-concept to remote code execution. The discussion will also include thoughts on mitigation strategies for reducing risk.
  • Top Security Threats and Trends: 2011 Cyber Risk Report Recorded: May 2 2012 47 mins
    Enterprise organizations have been under security attacks for the past decade, but security events in 2011 have created a ripple effect that will be felt for years to come and will actually start to shift the way we view security. This webcast will highlight the latest threat trends and risks from the new 2011 Cyber Risk Report from HP Enterprise Security and will cover:

    • Why a decline in vulnerabilities disclosed may lead to a false sense of security
    • How changing attack motivations are increasing security risks
    • What the biggest risks to the enterprise were in 2011
Delivering Advanced Network Defense to the Enterprise
This channel covers the latest topics in network security, virtualization security, and threat research from HP TippingPoint and HP DVLabs to help security professionals protect their network against ever-evolving threats.
  • Title: The Value of Vulnerability Disclosure
  • Live at: Mar 14 2012 4:00 pm
  • Presented by: Brian Gorenc, CISSP, CSSLP, Security Researcher with HP DVLabs