This event has ended. Visit the official site or create your own event on Sched.
One Track
Lots of Flavor
Back To Schedule
Thursday, April 18 • 2:00pm - 2:30pm
Multi-party vulnerability response in/with OSS

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The Microsoft Security Response Center leads vulnerability response and disclosure for all Microsoft’s products and services – including open source software that Microsoft maintains and products or services that consume OSS.  OSS security vulnerabilities usually affect multiple parties and in many cases it is necessary for these parties to come together to coordinate the disclosure to minimize the risk and disruption to end-users (this is usually known as multi-party coordinated disclosure).  This talk will present examples in multi-party coordination involving OSS, including coordination related to hardware (e.g., CVE-2018-8897), software (e.g. CVE-2019-5736) and standards/protocol weaknesses (e.g. CVE-2018-5391).  We will extract commonalities, challenges, and lessons learned across several scenarios and provide our recommendations on coordinated multi-party response for organizations that are building or improving their product security response programs.

avatar for Jorge Lopez

Jorge Lopez

Principal Security PM Manager, Microsoft
Jorge is a Principal Security PM Manager in the Vulnerability Response and Remediation team of Microsoft’s Security Response Center (MSRC). In this role, he leads a team responsible for intake, handling, and disclosure of security and privacy vulnerabilities in Microsoft’s products... Read More →

Thursday April 18, 2019 2:00pm - 2:30pm HST
Halele'a Room (Salon 2) 3610 Rice Street, Lihue, Hawaii 96766, USA