Vulnerabilities have never been so marketable. There are many ways for security researchers to monetize their efforts: bug bounties, private markets, and of course work for hire. MedSec introduced us to a new way to monetize vulnerabilities by influencing market makers. What does the future hold for this approach? Are there other ways to fix the dysfunctional market around product security? In a fireside chat, Chris Wysopal will ask Justine Bone about the MedSec and Muddy Waters collaboration and what we can learn from it as we look to the future.
Justine Bone is CEO of cyber-security company MedSec, a vulnerability research and security solutions company focused on medical devices and healthcare systems. Justine is a seasoned information technology and security executive with a background in software security research, risk management, information security governance, and identity management. Her previous roles include Global Chief Information Security Officer at Dow Jones, a News Corporation company and publisher of the Wall Street Journal, Global Head of Information and Physical Security at Bloomberg L.P., CTO of Secured Worldwide, an NYC-based FinTech company, and CEO of security research firm Immunity Inc. Justine began her career as a vulnerability researcher with Internet Security Systems (now IBM) X-Force and New Zealand's Government Communications Security Bureau. She also has a background in the performing arts as an ex-dancer with the Royal New Zealand Ballet company.
Chris Wysopal, Veracode's CTO and Co-Founder, is responsible for the company's software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTOs and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He published his first advisory in 1996 on parameter tampering in Lotus Domino and has been trying to help people not repeat this type of mistake for 15 years. He is also the author of "The Art of Software Security Testing", published by Addison-Wesley.