VASCAN 2014

Everywhere you turn there seems to be bad news about the state of
security at organizations these days. With approximately 10,000
vulnerabilities disclosed each year and many of them very basic in
nature, it is clear that vendors have not implemented the security
improvement we desire in our software. As the code providing our basic
infrastructure (e.g. water, electricity), cars, medical devices comes
under increasing scrutiny and attack, dramatic reports flood the news
about how vulnerable these critical systems are and the mass chaos
that could ensue, if they were compromised or destroyed.

Unfortunately, no matter how many new shiny information security
appliances are purchased, data breaches continue to happen at alarming
rates. It doesn’t matter what industry or the size of an organization,
as no company seems to be immune. The number of data breaches in 2012
hit record highs with over 3,100 known breaches and in 2013 over 800
million records were exposed. All time there have been over 13,000
known data breaches tracked with over 3.2 billion records exposed, the
costs to organizations simply cannot be ignored.

While many had hoped that market forces would prevail and customers
would choose software with better security, in most cases there are
not viable alternatives and consumers and forced to accept software as
is.  This session takes a look at vulnerabilities, data breaches and
the current state of information security with an eye towards the
future that includes Evidence Based Risk Management, Cyber Liability
insurance, Product Liability and Bug Bounty programs.