Crash (Exploit) and Burn: How to Lose a Cyber War in 10 Procurement Cycles

Winnona Bernsen

Dive into the broken, bureaucratic, and bizarre world of 0day acquisition. Over the last year, I scraped all of CTFTime, combed through the iSoon leaks, and interviewed over 30 hackers, brokers, policy wonks, and current/former spooks to map how the U.S. and China really acquire offensive capabilities.

Spoiler: China is beating us – underpaying researchers, weaponizing youth Capture-the-Flag leagues, and using vulnerability disclosure laws to create a scary funnel of exploits into their intelligence apparatus. Meanwhile, U.S. agencies cling to stealth over speed, shovel cash at defense primes, and ghost vendors mid-contract.

This talk is a breakdown of China’s terrifyingly efficient cyber-industrial complex, the U.S.’s terrifying bureaucracy around bugs, and the weird vibes of being a vulnerability research (VR) firm in a geopolitical game of Go, sticking around even though it would probably be easier to ragequit and do smart contract auditing instead. As with any good talk, there will be recommendations at the end, both for governments and for vendors.

If you’ve ever written an exploit, sold one, defended against one, or just screamed into the void about how slow the government is, this talk’s for you.