While I'd like to see Black Hat add some more defensive-minded tracks, I
just realized that this desire might a symptom of a larger problem: there
aren't really any large-scale conferences dedicated to defense / software
assurance. (The OWASP conferences are heavily web-focused; Dept. of
I agree on the terminology of whitehat vs. blackhat here Sergio, but in
almost every other regard I disagree completely.
To design and build proper software and hardware there are a lot of
conferences out there, as well as trainings and a huge amount of literature.
There are very good books
Not many builders go to BlackHat. BlackHat is by Breakers, for
Defenders. It is primarily attended by Defenders, with a smaller pool
of dedicated Breakers.
It is very valuable to our industry to have conferences focused on
Breaking. Though they do have Builder and Defender talks. Some of my
first
Hi Chris,
Thanks for answering my email.
There's one thing that I actually believe you people are not following here.
Blackhat is a conference to present cutting-edge NEW offensive technologies,
methodologies, techniques, etc. It is *not* about talking things there were
already presented and
Sergio,
Blackhat IS about breaking stuff, the vendors area offers defense
products and services to improve your security. For building stuff (as
in development) there are other conferences out there. People go to
Blackhat to be aware of what things might go wrong in order to protect
better
There are these:
ISC(2) Secure Software Conference Series -
https://www.isc2.org/PressReleaseDetails.aspx?id=650
ESSoS - http://distrinet.cs.kuleuven.be/events/essos/2012/
SecSE - http://www.sintef.org/secse
SSIRI - http://paris.utdallas.edu/ssiri11/
But your point is taken. Most of the