The name "Black Hat" for years has been synonymous with shadowy hacker activities. Many also know that the term refers to the popular annual security conference of the same name, long held in Sin City itself -- Las Vegas.
This week, however, the Black Hats aren't flocking to Vegas. Instead, they're meeting in the heart of the federal government: Washington, D.C., a setting that makes for a very different type of security conference.
"It's almost the 'white hat' Black Hat, with much more focus on defense than offense," said Brian Chess, founder and chief scientist at enterprise security player Fortify Software.
Chess is no stranger to either Black Hat or Washington. His firm is a partner with the government-funded Computer Emergency Response Team (CERT) on automated compliance checking.
At the last Black Hat Las Vegas event, Chess also ran the famed Iron Chef Black Hat hacking challenge.
This week, he's expected to speak once more on security issues. This time around, Chess will be talking about software testing and using functional tests to find vulnerabilities.
"It's about how you build software right, as opposed to how you break something," Chess told InternetNews.com. "We'll be talking about some of the less-than-ideal ways that people go about finding security vulnerabilities in their code."
In Chess' view, developers often fail to do a great job of security testing simply because they don't have to. Since plenty of bugs can be found easily, they typically feel little incentive to undertake a more rigorous and thorough search that might find all bugs, he said.
On the flip side, "if you actually want to build something that is secure, there actually is a lot you can do," Chess said.
Not surprisingly, the security conference's inside-the-Beltway setting also means it will have a special focus on government.
Among the week's sessions are a talk on phishing and the Internal Revenue Service (IRS), and a discussion of potential cyber-threats to the 2008 presidential election.
The government focus is also reflected in the background of some of the speakers at the event. The only keynote of the Black Hat D.C. event is being delivered by Jerry Dixon, a former deputy director of US-CERT and the founding director of the IRS's Computer Security Incident Response Capability.
A former.
In a talk about social engineering, Peter Earnest, a 35-year veteran of the Central Intelligence Agency, will discuss his experiences in espionage.
Published: February 23, 2008