Why Do We Suck at Infosec? presented at AppSecCalifornia 2015

by Charlie Miller

Summary: I'll begin the talk by contrasting the different kinds of attacks and targets, from typical enterprise to nation/state-level attackers and targets. Next, I'll discuss how difficulty in measuring the security of products leads to the current state of software security woes. Then I'll address how the information security industry has largely failed by permitting zero-day sales and stunt hacking and selling ineffective boxed solutions. Finally, I'll end by showing where I think we need to go and how we'll get there (and show how we're already on our way).