LAS VEGASFacebook Chief Security Officer Alex Stamos outlined his views in an hour-long keynote at the Black Hat USA conference here on how the security industry should improve and also announced new investments to boost security.
Stamos is no stranger to Black Hat, which is celebrating its 20th anniversary this year. He said that in the early days there was a much more adversarial atmosphere at the event. He noted that in the early years, the true impact of internet security wasn’t well understood, but today that’s no longer the case with security breaches making headlines on a regular basis.
“We’re no longer the hacker kids fighting against corporate conformity,” Stamos said. “We don’t fight the man anymore, we are the man, but we haven’t changed how we view our responsibilities.”
In Stamos’ view the security industry as represented at Black Hat has a responsibility to help improve security in ways that it still hasn’t achieved to actually help make people live’s safer. He noted that often security research is focused on complexity and not the actual harm of cyber-attacks.
As a community, he said that there is an over-weighted focus on incredible security exploits and zero-days, though that’s not what the bulk of actual security issues are. The vast majority of things that end up harming internet users are items that he labels as abuse, which includes be things as simple as spam, password re-use or harassing someone online.
“As a community overall we not yet living up to our potential,” Stamos said. “We have perfected the art of finding problems without fixing the root issues.”
Security nihilism is a condition that Stamos said is prevalent in the industry, with many people holding that view that most threats are from advanced hacker and nation-state adversaries.Stamos emphasized that while zero-day issues are important there needs to be more conversations about standard security issues. He also wanted the audience to remember that users aren’t the problem.
“The modern world of technology is built on tightropes and we haven’t put nets underneath,” Stamos said. “Every single day we ask people to walk the tightrope and if they fall off, we say sorry can’t help you.”
Facebook’s CSO didn’t just take the stage just to deliver a sermon to his Black Hat audience on what they should do. He also used his time to explain what his company is doing to make the internet safer for everyone. Facebook recently renewed its’ support of the Internet Bug Bounty which pays security researchers for finding vulnerabilities in open-source software.
Stamos also announced $1 million in new funding for the Internet Defense Fund to help encourage original research into practical defensive technologies. Topics that Stamos is interested in include research on how to improve security patching. Stamos added that Facebook is already working on making sure that its users can stay safe while working on unpatched operating systems.
“This room is full of $800 fully patched smartphones, but that’s not how it is in the rest of the world,” Stamos said. “There are lots of unpatched devices and we can’t say they aren’t worth protecting.”
Stamos also recognized the role that Facebook played in the recent U.S. election and in elections around the world. To that end, Facebook is now also a founding sponsor of the Defending Digital Democracy Project, which is an initiative at the Harvard University’s Belfer Center to help secure elections.
“We’re working with Harvard to help protect democracy,” Stamos said. “We are thinking about how to help election campaigns help themselves and setup good IT infrastructure.”
Stamos also advocated for more diversity in the security industry, both in terms of gender and background to better reflect the broader internet community that the security industry is supposed to be protecting.
“It’s a critical moment for our industry. We have been asking people to pay attention to us and now they are,” Stamos said.
With that focus he wants security professionals to have empathy for the people that use the technology that the security industry builds. He also wants to shift the focus from the spectacular hacks to actually fixing real problems.
“I want as much thought a possible put into out how we eliminate entire classes of vulnerabilities and not just how to do spectacular demos on stage,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
See the original post:
Facebook Donates $1M in New Funds for Internet Security at Black Hat – eWeek
- Avast Internet Security Review 2018 - We Hate Malware - November 8th, 2018
- Security Packages | High-Speed Internet | Windstream - November 8th, 2018
- Antivirus vs Internet Security [Security Software Comparison] - November 8th, 2018
- Internet Security Lectures by Prabhaker Mateti - November 8th, 2018
- Vipre Internet Security 2016 Free Download - Softlay - November 8th, 2018
- Internet security software Reviews 2018 - Compared & Reviewed - November 2nd, 2018
- Exhibit A - Internet Security Requirements - November 2nd, 2018
- CIS Benchmarks - Center for Internet Security - November 2nd, 2018
- Kaspersky Internet Security 2018 Crack + License Key [Latest] - October 12th, 2018
- Zillya! Internet Security | Best Security Solution for Active ... - October 12th, 2018
- Download Norton Internet Security 18.104.22.168 - softpedia.com - October 9th, 2018
- Avast Internet Security 2018 Activation Code, Serial Key Till ... - October 9th, 2018
- Download Avast Internet Security 18.6.2349 Build 18.6.3983 ... - October 9th, 2018
- Download McAfee Internet Security 19.0 Build 19.0.4016 - October 3rd, 2018
- AVG Internet Security 2018 Free Download - FileHippo - October 3rd, 2018
- Internet Security - Quick Heal - October 3rd, 2018
- Kaspersky Internet Security 2019 v22.214.171.1248 | Software ... - October 3rd, 2018
- VIPRE Internet Security Review & Comparison - September 22nd, 2018
- Internet Security Suite | Verizon Internet - September 20th, 2018
- Antivirus Security Software & Internet Security - Newegg.com - September 19th, 2018
- Amazon Best Sellers: Best Internet Security Suites - September 7th, 2018
- Download Bitdefender Internet Security 2019 126.96.36.199 - August 24th, 2018
- Best (and Worst) Internet Security Software of 2018 for Windows - August 18th, 2018
- Amazon.com: Kaspersky Internet Security 2018 | 3 Device | 1 ... - August 8th, 2018
- AVG Internet Security - Free download and software reviews ... - August 3rd, 2018
- Top 3 Internet Security Software Suites Reviews ... - July 26th, 2018
- GRC | LeakTest -- Firewall Leakage Tester - July 26th, 2018
- Internet Security is an important part of Identity Theft ... - June 22nd, 2018
- V3 Internet Security | AhnLab - June 22nd, 2018
- Internet Security with Xfinity - Norton Security Online - June 17th, 2018
- Best Internet Security Software Compared - May 25th, 2018
- Computer and internet security software Chili Security - May 21st, 2018
- Internet Security Market Size, Share and Technology, 2021 - May 21st, 2018
- Center for Internet Security - Wikipedia - May 10th, 2018
- Download Webroot SecureAnywhere Antivirus & Internet ... - May 1st, 2018
- AVG Internet Security 2018 review | Ultimate antivirus ... - April 29th, 2018
- The Internet Security Academy - SAHCOM Technologies LLP - April 27th, 2018
- These files can't be opened. Your Internet security ... - April 20th, 2018
- How to Uninstall Norton Internet Security: 12 Steps - April 20th, 2018
- Internet Security Software at Office Depot OfficeMax - April 19th, 2018
- Why is Internet security important? | Reference.com - March 26th, 2018
- AVG Internet Security Unlimited 2018 18.2.3827 20% OFF ... - March 25th, 2018
- Trend Micro Titanium Internet Security - Download - March 21st, 2018
- Kaspersky Mobile Antivirus: AppLock & Web Security ... - March 21st, 2018
- Why do I Need Internet Security - The High Tech Society - March 21st, 2018
- Cincinnati Bell - Other Services Support - March 21st, 2018
- Internet Security Essentials for Business 2.0 | U.S ... - March 21st, 2018
- ESET Internet Security 10.0.386.0 Crack + License Keys ... - March 21st, 2018
- Privacy and Security in the Internet Age | WIRED - March 19th, 2018
- News & Events | K9 Web Protection - Free Internet Filter ... - March 19th, 2018
- 10 Internet Security Programs (for Windows), Ranked Best ... - March 7th, 2018
- AVG Internet Security 2015 Free Download - getintopc.com - March 3rd, 2018
- McAfee Internet Security Download - softpedia.com - February 28th, 2018
- COMODO Internet Security Download - softpedia.com - January 30th, 2018
- Best Internet Security Software 2018 - The best rated ... - January 28th, 2018
- Comodo Antivirus - Best Virus Removal Software 2018 - January 13th, 2018
- ZoneAlarm Antivirus Software | Virus Protection & Firewall - January 13th, 2018
- What Is the Meaning of Internet Security? | Techwalla.com - January 12th, 2018
- Download Avast Internet Security 17.7.2314 - FileHippo.com - January 12th, 2018
- Vipre Antivirus VIPRE Internet Security - January 12th, 2018
- AVG Internet Security 2018 License Key With Crack Full Version - January 8th, 2018
- CA Internet Security Suite Plus - Download - December 27th, 2017
- Collaborative Security: An approach to tackling Internet ... - December 27th, 2017
- Norton Internet Security - Download - December 20th, 2017
- Best Internet Security 2017 - Total Security Software for ... - December 20th, 2017
- Get the Best Internet Security Software of 2016! - December 20th, 2017
- Internet Security Administrator: Job Description and Requirements - December 19th, 2017
- Top 10 Cheap Antivirus and Internet Security Protection for ... - December 19th, 2017
- Download AVG Internet Security Unlimited - FileHippo.com - December 19th, 2017
- Norton Internet Security - softpedia.com - December 19th, 2017
- Internet Security - Cisco - December 19th, 2017
- Best Antivirus Software, Internet Security & Malware Removal - December 19th, 2017
- internet security | eBay - October 26th, 2017
- Avast Internet Security Download - softpedia.com - October 20th, 2017
- Internet Security Software | Trend Micro - October 3rd, 2017
- Lenovo Faces No Significant Penalty for Security-Destroying Superfish Debacle - ExtremeTech - September 7th, 2017
- 25% Upside Seen In Palo Alto, Argus Research Upgrades To Buy - Benzinga - September 5th, 2017
- How to: Your essential guide to internet security - PC Authority - September 5th, 2017
- Internet security startup founded by former CIA analyst raises $40 million - San Francisco Business Times - September 2nd, 2017
- CyberRehab's mission? To clean up the internet, one ASN block at a time - The Register - September 2nd, 2017