Independent researchers are the lifeblood of the hacking community. By discovering new vulnerabilities, formulating new strategies and ideas, publishing white papers and blogs, and creating new tools, these visionaries help move our community and industry forward.
Unfortunately, many outside of the community look down upon independent security researchers and dismiss their ideas and work. This can be for numerous reasons, such as the researcher not working for a specific organization or company, the lack of scientific and academic standards, or simply a prejudice against the concept of independent research. Even worse for our community, we have recently witnessed the prosecution of some of these researchers for crossing real or imaginary legal lines during the pursuit of their study.
One way to help legitimize these researchers to others in the corporate and academic communities, as well as to help them avoid legal trouble, is the creation and adoption of research guidelines. The first half of the talk discusses some of the potential pitfalls and prejudices independent security researchers face, especially with regard to security disclosures. After that, there will be a frank discussion with audience members about their concerns and fears in terms of research, as well as what they would like to see in a research framework. Finally, volunteers will be invited to help create the framework.
Michael Smith is a senior security engineer and consultant for ePlus Security. A long-time veteran of the industry, he has a diverse IT background, although his true passion remains security. Michael is currently a doctoral candidate at Capital College, researching the use of qualitative and quantitative intelligence in security analytics. He holds several certifications, including the CISSP, OSCP, and GPEN. When not testing or securing the enterprise, Michael enjoys spending time with his family, pursuing his many geeky interests, wearing strange hats, and traveling… especially to see the Mouse.