The future of exploit vulnerability research

Date: Feb 12, 2009

Some say that the cost of exploit development has become so high that it has driven much of the offensive security research underground. So is it futile to patch if exploit development is expensive and time-consuming?

At this year's Information Security Decisions, a security researcher panel made up of Alexander Sotirov from VMware, Dave Aitel of Immunity Security Inc, Billy Hoffman of HP and Matasano Security's Tom Ptacek discusses the question, as well as the future of the software development lifecycle.

More on Secure Coding and Application Programming

Web application firewall: Protection against most security vulnerabilities?
VIDEO - Hugh Thompson, founder and chief security strategist at People Security, reviews why WAFs alone are not strong enough to tackle today's Web application threats.
CISSP Essentials training: Domain 6, Application and System Development
VIDEO - In this CISSP Essentials video, Domain 6, Application and System Development, expert CISSP exam trainer Shon Harris details how applications and systems are structured.
Building a secure website and maintaining good website design
Tip - As a new website is developed, security goals often lose out to design aspirations. Learn how to keep security at the top of the priority list.
A compliance strategy for the controversial cookie opt-in regulation
Tip - Businesses face many concerns with the PECR cookie law. Compliance expert Alan Calder offers a compliance strategy for the cookie opt-in regulation.
Session fixation protection: How to stop session fixation attacks
Answer - Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection.
Windows security case study: Controlling Windows 7 user privileges
News - After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges.
( Feb 24, 2012 )
Using Burp Suite proxy tool to examine client-side requests
Tip - The free Burp Suite proxy tool can be used for good or for bad. Expert Rob Shapland provides usage scenarios for both.

Back to top

Networking UK
- Cisco Live London: 40 and 100 GbE, souped up WLAN
  
  At Cisco Live London, Cisco launched 40 and 100 GbE switching, a souped-up 4-antenna WLAN access point, and a host of network virtualisation technologies.
- UK Networkers should gear up for mobility implementations in 2012
  
  Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.
- Cloud gets vote of confidence from UK buyers in 2012 IT priorities
  
  The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.
Virtual Data Centre
- Microsoft volume licensing costs to increase up to 33.5%
  
  Microsoft will increase its volume licensing prices in the UK between 7.5% and 33.5% starting July 1 to maintain price consistency owing to the sustained currency difference in Europe.
- VMware vSphere 5 storage features: Part two
  
  VMware vSphere 5 storage features include Storage DRS, VSA and data store clusters. IT pros can learn what these features bring to their infrastructure and how best to use them.
- VMware updates vFabric Suite for cloud automation: News roundup
  
  VMware ‘s launch of vFabric Suite 5.1 for cloud automation, Equinix’s acquisition of a colo service provider and UK SMEs’ cloud adoption are this week’s highlights.
DataManagement UK
- History lesson points way forward on data management projects
  
  Data management projects often suffer from historic amnesia. Projects that co-locate business and IT staff and keep to a manageable scale can achieve remarkable results, says consultant Andy Hayler.
- NEC Europe has yen for Host Analytics’ financial planning
  
  NEC Europe has signed up to use Host Analytics' cloud-based financial planning service to better integrate an acquisition and support its growth plans.
- Podcast: How to craft an effective MDM strategy
  
  In this podcast interview, Andy Hayler gives advice on how to create and implement an MDM strategy that is ruthlessly focused on business value.
Security
- 2012 Security 7 Award nomination information
  
  Recognize yourself or a worthy infosec pro you know by submitting a nomination for the 2012 Security 7 Award. Get all the info here.
- Android Malware Genome Project aims to nurture mobile security research
  
  Project will share data on malware targeting the Android platform. It has collected 1,200 Android malware samples.
- Threat of SSL malware highlights SSL security issues
  
  Expert Nick Lewis highlights SSL security issues and the threat of SSL malware being transmitted via HTTPS. Is this a serious blow to SSL security?
Cloud Security
- Cloud DLP: Understanding how DLP works in virtual, cloud environments
  
  Applying DLP technology to virtual machines can enable cloud computing with enhanced security and compliance.
- Leveraging Microsoft Azure security features for PaaS security
  
  Organizations can boost PaaS security late in the game by implementing these stopgap measures.
- Quiz: Understanding cloud-specific security technologies
  
  Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.
Information Security
- CEH certification gains credence in IT security domain
  
  CEH certification is much sought after in the IT security domain today. Here’s how you can obtain CEH certification and why you should attempt do so.
- Information security budgets: Five steps to obtain management buy-in
  
  Getting management to approve security budgets is difficult. Here are guidelines to help you prepare and present information security budgets effectively.
- Maltego tutorial - Part 1: Information gathering
  
  Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target.

Latest Headlines

IT in Europe: Security Edition

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Blogs

The future of exploit vulnerability research