BSides San Francisco: Announcing BuildItSecure.ly
At BSides San Francisco this year, just a few days prior to the 2014 RSA Conference, our Senior Security Researcher Zach Lanier (@quine) and Mark Stanislav (@markstanislav) gave a talk titled “The Internet of Things: We've Got to Chat.”
What is meant by the “Internet of Things” (IoT)? The term refers to the explosive growth in the number of devices and innovative technologies connecting to the Internet, and it reflects rapid vendor response to consumer demand.
But the IoT has now reached a tipping point, as vendors that choose time-to-market and profits over ensuring device security can present serious risk to unknowing consumers.
To remedy this situation, Mark and Zach debuted a new security resource, BuildItSecure.ly. Their mission is to:
Provide the information, resources, guidance, and community necessary to help small commercial and independent developers, makers, and inventors of hyperconnected, pervasive computing devices make security-conscious design decisions.
Additionally, incentivize independent security research and reporting/coordinated disclosure of vulnerabilities/flaws in those very same devices.
Coming in April 2014, BuildItSecure.ly seeks to provide IoT innovators with the tools needed to ensure security in a time of interconnected design and device production.
By giving security researchers a forum to report vulnerabilities and connecting them with IoT developers to remediate those vulnerabilities, BuildItSecure.ly creates a community to bridge the gap between innovation and security.
Vendors and organizations in the Internet of Things space are highly encouraged to reach out to Mark and Zach if they would like to be part of the initiative. Over the coming months, they will be working with security researchers, vendors, and relevant organizations to begin to formalize resources and process to help secure the devices we’re all putting on the Internet in droves.
Stay updated on the latest BuildItSecure.ly news by following @BuildItSecurely on Twitter.
Mark Stanislav, Security Evangelist at Duo Security
Mark Stanislav (@markstanislav) is the Security Evangelist for Duo Security, an Ann Arbor-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Stanislav has worked within small business, academia, startup and corporate environments, primarily focused on Linux architecture, information security and web application development. He earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. He also holds his CISSP, Security+, Linux+ and CCSK certifications.
Zach Lanier, Senior Security Researcher at Duo Security
Zach Lanier (@quine) is a Senior Security Researcher at Duo Security. Though an old net/web/app pen tester type, he has been researching mobile and embedded device security since 2009, ranging from app security to platform security (especially Android) to device, network, and carrier security. He has presented at various public and private industry conferences, such as BlackHat, DEFCON, INFILTRATE, ShmooCon, RSA, Amazon ZonCon, and more. He is also a co-author of the upcoming “Android Hacker’s Handbook” (published by Wiley).