CypherCon 2024

25 Years of Vulnerability Mismanagement

HD Moore

Abstract:

Within the realm of security operations, vulnerability management exerts a gravitational pull, distorting reality to embrace its capabilities and challenges. This retrospective odyssey delves into the history, present, and future of vulnerability management. We’ll traverse the terrain of mistakes made, untangle the threads of market dynamics that have shaped its course, and illuminate the pathways to extracting the utmost insight from the tools you possess.

Importance: This presentation focuses on the evolution of vulnerability management, with a critical view of how assessment methodology and reporting have changed over time, and the reasons for these changes. This review is important for understanding why tooling is where it is today and what folks can do to get the most value from these tools given these constraints.

HD Moore

Most recognized for creating Metasploit

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.

HD serves as the CEO and co-founder of runZero, a provider of cutting-edge cyber asset management software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON.

HD’s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks. When he’s not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.