Computer security is in bad shape. No, that is putting it nicely. Our state of security is entirely dismal. Apologists will sometimes dismiss this as our industry being 'young'. Sure, compared to building pyramids or fire, it is. But compared to the car industry, circa Ford and their Model T in 1908? Our industry is arguably just as old. And to go with that age, ulnerabilities from back then are still plaguing us to this day. How did we get here, knowing what we know?
This talk will give a brief but amusing overview of the history of vulnerabilities. With each crazy story we will see that the lessons buried in our history are just as important now as they were then. Yet, miraculously, we've somehow ignored that...
Brian Martin has been studying, collecting, and cataloging vulnerabilities for 15 years, personally and professionally. Starting with a personal collection organized in the FILES.BBS format and ultimately becoming the Content Manager of the Open Source Vulnerability Database (OSVDB), he has pushed for the evolution of VDBs for years. If his business card could read "Vulnerability Historian", it would. Brian has been involved in all aspects of the vulnerability disclosure process, including finding new vulnerabilities, exploiting software (legally and illegally), writing advisories, coordinating disclosure, and working with a variety of organizations to improve vulnerability handling and response. Additionally, Brian is known for his work on attrition.org, a hobby web-site that has provided critical commentary on the dismal state of the information security industry.