It’s official and I’m pretty excited about it: I will be speaking at Metricon 6.0 in San Francisco on August 9th. In case you’re not familiar with Metricon, it’s a conference born from Andrew Jaquith’s book Security Metrics (which I HIGHLY recommend). It’s co-located with another good conference, USENIX. Having participated in a Metricon two years ago, I’m a huge fan of the format and content. It easily introduces more new ideas in information security than any other conference I have attended.
My talk is a work in progress on applying metadata to a vulnerability warehouse in order to glean business context. By adding a layer of metadata, an organization can create unique views into its defect data that help prioritize which vulnerabilities and misconfigurations are the most important to address. Without diving too much into the details of the presentation, imagine repurposing data from CMDBs, incident reports, system and application logs, network maps, organizational charts and so on. By adding this layer of metadata on top of a defect warehouse, these views will start to expose multi-vector attack paths, correlate internal and external assets, provide some initial ‘likelihood’ for exploitable exposures, etc.
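To make the idea concrete, here is a small added example (my own illustration, not code from the talk or slides) of a metadata layer over a defect warehouse. The findings, CMDB records, network map and incident counts are all constructed sample data, the vulnerability ids are placeholders rather than real CVEs, and the field names, weights and scoring formula are assumptions chosen for illustration. It shows three of the views described above: a context-weighted priority list, a two-hop external-to-internal attack path, and the coverage gap (assets the scanner saw but the CMDB does not know) that has to be closed before such a view can be trusted.

```python
"""Added example (not from the post): a small metadata layer over a
vulnerability warehouse. All data below is constructed; field names,
weights and the scoring formula are assumptions for illustration."""
from collections import defaultdict

# Constructed scanner output: one row per (asset, vulnerability). The
# vulnerability ids are placeholders, not real CVEs.
FINDINGS = [
    {"asset": "web-01", "vuln": "VULN-A", "cvss": 7.5},
    {"asset": "db-01", "vuln": "VULN-B", "cvss": 9.8},
    {"asset": "dev-03", "vuln": "VULN-B", "cvss": 9.8},
    {"asset": "web-01", "vuln": "VULN-C", "cvss": 4.3},
    {"asset": "unknown-07", "vuln": "VULN-B", "cvss": 9.8},  # not in the CMDB
]

# Constructed CMDB + network-map metadata keyed by asset name.
ASSETS = {
    "web-01": {"owner": "ecommerce", "criticality": "high",
               "exposure": "external", "connects_to": ["db-01"]},
    "db-01": {"owner": "ecommerce", "criticality": "high",
              "exposure": "internal", "connects_to": []},
    "dev-03": {"owner": "engineering", "criticality": "low",
               "exposure": "internal", "connects_to": []},
}

# Constructed incident history: number of prior incidents per asset.
INCIDENTS = {"web-01": 2}

# Assumed weights: business criticality and network exposure scale the
# scanner's CVSS score; each prior incident adds a fixed bump.
CRITICALITY_WEIGHT = {"high": 1.5, "medium": 1.0, "low": 0.5, "unknown": 1.0}
EXPOSURE_WEIGHT = {"external": 1.5, "internal": 1.0, "unknown": 1.0}
INCIDENT_BUMP = 0.5
UNMAPPED = {"owner": "unknown", "criticality": "unknown",
            "exposure": "unknown", "connects_to": []}


def enrich(findings, assets, incidents):
    """Join each finding with its asset metadata and compute a context score."""
    rows = []
    for f in findings:
        meta = assets.get(f["asset"], UNMAPPED)
        score = (f["cvss"]
                 * CRITICALITY_WEIGHT[meta["criticality"]]
                 * EXPOSURE_WEIGHT[meta["exposure"]]
                 + INCIDENT_BUMP * incidents.get(f["asset"], 0))
        rows.append({**f, **meta, "score": round(score, 3),
                     "unmapped": f["asset"] not in assets})
    return rows


def prioritize(findings, assets, incidents):
    """Enriched findings, highest context score first."""
    return sorted(enrich(findings, assets, incidents),
                  key=lambda r: r["score"], reverse=True)


def attack_paths(findings, assets):
    """Two-hop paths: an externally exposed asset with a finding that
    connects (per the network map) to an internal asset with a finding."""
    vulnerable = {f["asset"] for f in findings}
    paths = []
    for src in sorted(vulnerable):
        meta = assets.get(src)
        if meta is None or meta["exposure"] != "external":
            continue
        for dst in meta["connects_to"]:
            if dst in vulnerable and assets.get(dst, {}).get("exposure") == "internal":
                paths.append((src, dst))
    return paths


def unmapped_assets(findings, assets):
    """Assets the scanner saw but the CMDB does not know: a coverage gap
    that must be fixed before the prioritized view can be trusted."""
    return sorted({f["asset"] for f in findings if f["asset"] not in assets})


def by_owner(rows):
    """Org-chart view: number of findings per owning team."""
    counts = defaultdict(int)
    for r in rows:
        counts[r["owner"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for r in prioritize(FINDINGS, ASSETS, INCIDENTS):
        print(f'{r["score"]:7.3f}  {r["asset"]:<11} {r["vuln"]}  owner={r["owner"]}')
    print("attack paths:", attack_paths(FINDINGS, ASSETS))
    print("unmapped assets:", unmapped_assets(FINDINGS, ASSETS))
```

Run stand-alone, the script prints the enriched list in priority order. The point of the example is the reordering: on raw CVSS the two 9.8 findings would sit on top, but once criticality, exposure and incident history are layered in, the externally exposed, previously compromised web server's 7.5 outranks them, and the low-criticality dev box's 9.8 drops to the bottom. The finding on an asset the CMDB has never heard of is scored with neutral weights and flagged, since an unmapped asset is itself a signal worth chasing.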
The talk is part of a series I am doing on security intelligence, some of which has been blogged about here. Once the presentations are complete I will be posting them here, so stay tuned. If you happen to be in San Francisco on August 9th or are already coming to USENIX, try to make it to Metricon. There are always a lot of great ideas and I don’t think you’ll be disappointed. Hope to see you there!
Update: As promised below are the slides from my Metricon 6 presentation. This is an updated version originally presented at OWASP Philadelphia.