Abstract of the presentation:
In the ever-changing security landscape we are slowly seeing a shift from labelling hackers by default as 'bad and malicious individuals' to accepting them more often as 'useful and potentially friendly'. We see more and more companies starting a bug bounty program and/or a Responsible Disclosure (Coordinated Vulnerability Disclosure) program.
We in the Netherlands are (at least in Europe) leading the pack on this last subject, backed heavily by the Dutch NCSC, the Dutch government and the Dutch prosecution services, with their Responsible Disclosure guideline.
In this interactive and mostly humorous talk I’ll start with defining security (in a grotesque way), followed by the ‘real’ definition of hackers, the way hackers think and work, and how they can be used instead of feared by companies. I’ll show how bug bounties and the Responsible Disclosure processes can work, but also how they sometimes do not. I will take the audience with me along the path to these fails, and discuss how we can improve, or could have improved, these processes. I might even please you with some nice IoT drama. My final ‘calculation’ will try to open the door to a safer online world! (From a hacker’s point of view, that is.) ;)
During the talk I interact a lot with the audience, do humorous quiz questions about the subject, and reward good answers with a bottle!
From a hacker’s perspective, that is...