Atlantic Security Conference

Patching - it's complicated!  As much as we like to point fingers of blame and malign the processes in place, the fact is that one size does not fit all when security updates get issued.

What's the definition of insanity: doing the same thing over and over. Organizations at every level seem to be struggling with staying on top of patching, but it feels more like a necessary evil rather than a best practice.

Ignorance is not bliss when it comes to uncovering longstanding widespread vulnerabilities and attempting mitigation. As Meltddown and Spectre have painfully demonstrated, we're damned if we do and damned if we don't.

I've done some real life research into the issues to find new approaches to an old problem. We need to go beyond just finding the sweet spot between mitigating business risk with vulnerability exposure. Let's talk about how can we fix this process that seems inherently broken, especially as it now affects IoT, OT and medical devices. Because the cure isn't supposed to be worse than the disease.