Zalud’s Blog has learned that, on Wednesday, August 6, Symantec commissioned an anonymous survey to explore Black Hat attendee’s views on vulnerability research and the challenges and opportunities they anticipate they will face over the next twelve months. The survey was administered by Applied Research onsite at Black Hat and the initial data collected reflects responses from 500 attendees.

The Black Hat convention was attended mostly by IT managers and independent researchers; mostly in the high tech industry within North America.

Black Hat is attracting an international audience with 18% of conference attendees joining from other regions outside North America.

46% of respondents believe web services and web 2.0 technologies are considered to be technologies that will contain the top security issues next year. This is closely followed by virtualization (35%) being a top security concern.
The main sources of data theft are as follows: insufficient access controls (26%); lost/stolen laptops (23%); data sent to third parties (21%); and improper posting of data to the Internet, intranet, and extranet (20%).
About a third (34%) are currently implementing whitelisting within their organization.
All enterprise systems are considered to be quite critical in protecting with whitelisting, with servers surpassing other enterprise systems slightly.
Job function (52%) and curiosity (44%) typically motivates researching an application or technology.
The majority (55%) have not created any piece of malcode in the name of research or education. However, 17% of respondents claim they would create malware if they thought it helpful for research or their education.
Web technologies are the greatest concern from a vulnerability perspective among IT managers.
Windows XP platform is the operating system of greatest concern to IT managers. In 2007 IT managers were more concerned of Vista vulnerabilities.
The majority (49%) of researchers plan to pursue research on infrastructure networking technology in the next year followed by web technologies (34%).

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Logical and Physical Vulnerabilities, According to the Black Hats

Blog Topics

Security Blog

On the Track of OSAC

Recent Comments

Insufficient information

Thankyou so much for sharing such an informative...

I just wish my mechanical lock had a...

security

Security

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog