Clint Gibler

Security Consultant, NCC Group (USA)

Paper Title

Show Me the Data: Analyzing Security Trends Across 100 Companies

Abstract

As security professionals, we’re aware of the types of security issues our company faces and we constantly read of breaches in the media. But how prevalent are specific types of vulnerabilities, such as cross-site scripting, in real companies today? We’re numbers people- we want hard data, not anecdotes.
While most would agree that publishing this information would be valuable to the community, few companies are willing to openly discuss their experiences.
In this talk, I’ll discuss insights gained from analyzing the results of running a commercial security scanner on 100 international companies across 10 industry verticals, including Financial Services, IT, and Healthcare, from 2014 through 2015, collectively representing about a million findings.


I'll examine questions such as:

  • What are the common types of vulnerabilities in real companies today? Does it vary by industry?
  • For a given type of vulnerability, how long does it take companies to ┬áremediate issues?
  • Does the time to fix depend on one or more of: the type of the vulnerability, its severity, or merely on its solution?
  • Do companies or industries tend to fix the same types of vulnerabilities in a similar time frame or is there significant variation?

Speaker Bio

Clint Gibler is a security consultant at NCC Group. Prior to joining NCC Group, Clint received a Ph.D. in computer science from the University of California, Davis, where he specialized in mobile security. Clint has been involved in a number of research projects presented at conferences including: using static analysis to detect leaks of private information in Android apps, automatically detecting Android app piracy, analyzing the impact of app piracy on Android markets and developers, and Android emulator detection. In general, Clint enjoys building tools to analyze or break software. Outside of security, Clint enjoys improve and sketch comedy.

Copyright © 2016-17 | Nullcon India | International Security Conference | All Rights Reserved