BSidesSF 2018 has ended
View analytic
Sunday, April 15 • 1:30pm - 2:00pm
So you think you can patch: The game show that questions your security assumptions

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Few people know that the game show was actually a Victorian invention, although they were a bit more erudite in the airship era. In this week’s episode of “So you think you can patch,” we explore what happens when patching isn’t so simple. Contestants and the audience will face situations when security updates may not be the straightforward solution, for end users or modern enterprises. How will they handle notice, failure, and bricking? Should this sort of thing be mandated by law, contract, or risk of lawsuit? What policies, technologies and market solutions can help? Our contestants will be humiliated for wrong answers and failing to appreciate the nuance of security, and everyone will win as they gain a better understanding of how solutions need to reflect and build on the realities on the ground.


John Banghart

Senior Director for Technology Risk Management, Venable
Former government lackey, current private sector lackey. Has spent 25 years patching systems, developing standards for vulnerabilities, developing infosec policy, and telling other people why they should or shouldn’t patch their stuff.
avatar for Allan Friedman

Allan Friedman

Director of Cybersecurity, NTIA - US Dept of Commerce
Allan Friedman: Government technocrat, and game show host impressario. 2 years working on IoT patching policy, but worries about over-regulation. 15 years of infosec policy experience.

Kent Landfield

Chief Standards and Technology Policy Strategist, McAfee
Former chief vulnerability architect turned policy wonk (sliding to the dark side) working with and developing vulnerability-related standards and initiatives such as CVE. Identification and remediation rules!

Wendy Nather

Director, Advisory CISOs, Duo Security
Former gnome of Zurich, government lackey, industry analyst, and threat intel sharer — which means she is never surprised by a lack of patching. She’s now trying to make things better by playing for Duo Security.

Sunday April 15, 2018 1:30pm - 2:00pm