ZDI, Vulnerability Research Organization, Wassenaar Arrangement discussed on Security Now

Security Now
|

Automatic TRANSCRIPT

The threat landscape shifted as well. Before two thousand twelve, we rarely saw an adobe reader submission outside of Po to own. Once we reached twenty twelve, there were more than one hundred submissions. Many of those reports were submitted by ZDI researchers overall in internal fines represent about twenty percent of all the cases we process every year bugs effecting Acrobat Fox it and other PDF readers continued to be prevalent but we've also seen the rise of De serialisation bugs and a sharp increase in Scada vulnerabilities. Home Routers have also become a popular target says they can be compromised on mass to be used in botnets and De dos attacks as a result, the ZDI adapted and began accepting. Related. Submissions especially those related to IOT devices. The production of the. The Wassenaar Arrangement. Posed some challenges especially when purchased bug reports from member countries however, we were able to navigate the paperwork needed to transfer cyber arms and stay on the right side of the law. The virtualization category was introduced to pawn to own in twenty sixteen, and since that time we've had several guest to host escapes demonstrated, and of course, we've talked about those on the podcast. The contest celebrated its tenth anniversary in twenty seventeen by acquiring fifty one zero day vulnerabilities over the Three Day contest and twenty nineteen we partnered with Tesla to award a model three to a pair of researchers who exploited the car's infotainment system Zdi. Researchers also demonstrated their own exploit of the infotainment system. The contestants have changed over the years as well in the beginning individual researchers made up the majority of entries but with. Only a few with only a few teams participating at one point. This shifted to most participants being teams sponsored by their employers there have been instances of teams filling bug reports with vendors before the contest in the hopes of killing their competitors exploits in the past couple of years that has shifted back towards individuals and small independent teams, and we've never stopped growing. We hit our peak of fourteen hundred and fifty published advisories in twenty eighteen and were set to eclipse that this year. In fact, we've been recognized as the world's leading Vulnerability Research Organization for the past fifteen years according to according to. A mighty AH, the ZDI was responsible for over half of all measured vulnerability disclosures and twenty nineteen more than any other vendor. And, finally, moving forward, they said over the past fifteen years, we've seen trends in exploit economy, vulnerability marketplace come and go. But through it, all we've been laser focused on one thing making the digital world more secure one. CVA, at the time through the tireless work Zdi researchers and the wider community, we've determined to continue disrupting the vast cybercrime economy and raising the Bar for enterprise software security for the next fifteen years in the on. So anyway interesting walk through the past fifty years. which corresponds with the PODCAST and we've covered all this stuff along the way completely parallel. Very.

Coming up next