The Tragedy of the Commons in Platform Security
We have all seen major vulnerabilities across dozens of components that are part of every device in the IT environment. As we consider the motivations of threat actors for driving into platform-level attacks, we can see that a single vulnerability or failure at this level, breaks years of investment and progress in security.
Across all the manufacturers and models and versions in use in today’s environment, such vulnerabilities are almost certainly exposed somewhere.
In this talk, we will examine examples of such issues and various approaches to solve them. We will also discuss how we can come together as a community to make meaningful improvements.
- Holtsclaw & Loucaides, An Introduction to Platform Security (UEFI Spring 2018 Plugfest)