Friday, May 17 • 3:40pm - 4:30pm
Keynote: All These Vulnerabilities, Rarely Matter


There is a serious misalignment of interests between Application Security vulnerability assessment vendors and their customers. On the surface, you can see it within the pages of any Application Security vulnerability statistics report, where they state that the vast majority of websites contain serious issues, averaging dozens (SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, etc.). Their data also shows that only half of those reported vulnerabilities ever get fixed, and that fixing them takes months. The data itself is not in dispute; these are legitimate vulnerabilities. But underneath there's a secret: vendors are incentivized to report everything they possibly can, which they use to impress and win deals, even though those vulnerabilities rarely matter. As a proof point, the vast majority of those 'serious' website vulnerabilities are simply NOT being exploited. Why is that?

Conversely, customers just want reports of the vulnerabilities that are likely to get them hacked. Every finding beyond that is a waste of time, money, and energy, which is precisely what everyone is currently experiencing. If attackers really aren't finding, exploiting, or even caring about these vulnerabilities, as we can infer from the supplied data, the value in discovering them in the first place becomes questionable.

Jeremiah Grossman

Founder and CEO, Bit Discovery
Jeremiah Grossman, Founder & CEO of Bit Discovery, Chief of Security Strategy (SentinelOne), Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, and Founder of WhiteHat Security, Jeremiah Grossman's career spans nearly 20 years and has lived a literal lifetime in computer security...

Friday May 17, 2019 3:40pm - 4:30pm PDT
Sand and Sea Room