Hey! I found a vulnerability – now what?

DerbyCon 8.0 - Evolution

Presented by: Lisa Bradley, CRob
Date: Friday October 05, 2018
Time: 17:00 - 17:25
Location: Kentucky C & D
Track: Stable

You found a vulnerability in a product and decided to responsibly disclose the issue. Thank you! This should be an easy task, right? But what are the steps? This talk will cover what to consider in submitting a vulnerability report and how to submit a good vulnerability report. We will discuss why you should submit a report and will cover the pros and cons of supplying a disclosure date and what Coordinated Vulnerability Disclosure really means. You will also get behind-the-scenes insight into what really goes on after the issue is disclosed. We will also touch on scenarios such as what if the issue affects more than one company, and who can help if you don’t feel like reporting the issue directly to a company. The talk will also cover some tips and choices you have after the issue is disclosed/addressed. The ups and downs of your end goal – are you there to help protect yourself and other consumers, protect the company, or go for fame – or can you do it all?

Lisa Bradley - Dr. Lisa Bradley is currently the Senior Program Manager for NVIDIA’s Product Security Incident Response Team (PSIRT). Her responsibilities include the management and resolution of product security vulnerabilities involving all NVIDIA products. She has 5 years of experience leading PSIRT programs as she previously worked at IBM for 17 years. Lisa has served as a spokeswoman for many tech-related events including 2016-2018 FIRST PSIRT Technical Colloquium, 2017 FIRST Annual Conference and the Security Journey White Belt modules. Lisa received her BA degree in both Mathematics and Computer Science from SUNY Geneseo. She also has a Masters and PhD in Applied Mathematics from NC State University. Outside of her role with NVIDIA, Lisa has been an adjunct professor at local universities for the past 12 years. Lisa enjoys spending time with her three kids, James (10), Jesse (7) and Anna (5).

CRob - Christopher Robinson (aka CRob) is the Manager of Red Hat Product Security Assurance Team. With 20 years of Enterprise-class engineering, operational and leadership experience, Chris has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals. He is a contributor to the FIRST PSIRT Services Framework and other industry groups. CRob has been a featured speaker at Gartner’s Identity and Access Management Summit, RSA, Derbycon, the (ISC)2 World Congress, and was named a "Top Presenter" for the 2017 Red Hat Summit. CRob is the former President of the Cleveland (ISC)2 Chapter, and is also a children's Cybersecurity Educator with the (ISC)2 Safe-and-Secure program.

