2018-04-01, 15:45–16:45, Heisenberg 2
Transparency on basic security has helped fixing thousands of vulnerabilities and counting. The failmap project publicly names, shames and fames organizations, a strategy that works.
Willing or not, there are organizations that process (your) private information: governments, hospitals and so on. They have to be at the forefront of making sure that this information is not handed out to others, manipulated or lost…
It's very hard to see how well these organizations are doing their job. That's why we've created Failmap: this website scans organizations for subdomains and the most basic levels of information security. The results are published on a trivially simple map for the world to see.
This approach, including the naming and shaming, lead to thousands of vulnerability fixes in the Netherlands and it's time to move to other countries. Hello, friends in Germany! :)