Risk Based Security To Present At Black Hat and DEF CON

Risk Based Security will be attending and presenting our research in Las Vegas!

If you will be attending Black Hat or DEF CON, or will be in the area, let us know. We would love to meet with you, or you can come hear us speak!


Thursday, August 7, 2014 | 9:00 AM

Many developers today are turning to well-established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different third-party libraries implemented. The result is that third-party and open source libraries have the ability to spread a single vulnerability across multiple products, exposing enterprises and requiring software vendors and IT organizations to patch the same vulnerability repeatedly. How big of a problem is this? What libraries are the biggest offenders for spreading pestilence? And what can be done to minimize this problem? This presentation will dive deep into vulnerability data and explore the source and spread of these vulnerabilities through products, as well as actions the security research community and enterprise customers can take to address this problem.

Jake Kouns, Chief Information Security Officer, Risk Based Security
Kymberlee Price, Director of Ecosystem Strategy, Synack

Screw Becoming A Pentester – When I Grow Up I Want To Be A Bug Bounty Hunter!

Saturday, August 10, 2014 | 10:00 AM

Everywhere you turn it seems that companies are having serious problems with security, and they desperately need help. Getting into information security provides an incredible career path with what appears to be no end in sight. There are so many disciplines that you can choose in InfoSec with the fundamental argument being whether you join Team Red or Team Blue. Most people tend to decide on the Red team and that becoming a professional pentester is the way to go, as it is the most sexy (and typically pays well). However, with bug bounties currently being all the rage and providing a legal and legitimate way to profit off vulnerability research, who really wants to be a pentester, when you can have so much more fun being a bug bounty hunter!

Carsten Eiram, Chief Research Officer, Risk Based Security
Jake Kouns, Chief Information Security Officer, Risk Based Security