Good information security policy requires addressing a myriad of complicated, inter-related issues, while still adhering to the Hippocratic principle of "First, Do No Harm." Rather than new regulation, one approach is to bring those that understand the issues and have a stake in the game together to find common ground.
This talk will present the US Department of Commerce's new initiative on vulnerability research disclosure, and explain the multistakeholder process that builds on community experience to build trust between security researchers and software and system vendors. The goals are to identify and promote common principles and best practices that all parties agree will promote We'll translate DC buzzwords, and ask for your feedback on how we can make this process better.
Director of Cybersecurity, NTIA - US Dept of Commerce
Allan Friedman: Government technocrat, and game show host impressario. 2 years working on IoT patching policy, but worries about over-regulation. 15 years of infosec policy experience.
Tuesday August 4, 2015 15:00 - 15:55
Common GroundFlorentine G