Over the last week I was struck by the overwhelming number of vendors in attendance at Black Hat in Vegas. As well, there was the bunch from E&Y on hand, most likely to try to save face. Then there was the loathsome booth bunny crap that MuSecurity.com pulled by dressing up a couple of young women in outfits that lent themselves to an image of working a corner (thumbs down to that crap). Then there was the army of Microsoft people. I started to feel like I was trapped in the Invasion of the Body Snatchers. All in all they were not as religious about being “Redmond” as I had expected. I did in fact meet a member of their privacy group that I had a great talk with. So, the pre-9/11 days have given way to a veritable orgy of free booze and catered parties… wait… what was my point? Oh yeah, (insert vendor) is the greatest. Can I get another canape?
Here is a quote from the ISC Diary that sums it up beautifully.
Think back six years ago or so…
1. security researcher finds flaw in product Z
2. researcher contacts vendor, and gives them a timeframe for release
3. vendor makes changes
4. researcher publishes flaw to bugtraq

Post 9-11, post DMCA, post PATRIOT Act…
1. security researcher finds flaw in product Y
2. researcher contacts vendor, and gives them a timeframe for release
3. vendor accuses researcher of violating DMCA
4. researchers start to hoard malware

Defcon 13 (last year)
1. security researcher finds flaw in product X
2. researcher contacts vendor, and gives them a timeframe for release
3. researcher faces potential arrest… goes to work for the competition

Defcon 14 (this year)
1. security researcher finds flaw in product W
2. vendor shmoozes him (as in wining and dining) at fabulous parties, interviews, PR opportunities, etc.