Jerry Bryant (Intel, US)
Jerry Bryant is the Director of Security Communications for the Intel Product Assurance and Security team (IPAS). Before joining Intel in 2019, he worked in the Microsoft Security Response Center where he was involved in almost every major security/product vulnerability incident since 2001. Jerry is a co-author of the PSIRT Services Framework and of the PSIRT Maturity Profiles companion document. He is also the producer of the PSIRT Services Framework video training hosted by FIRST.
---
Today’s attackers are moving towards persistence by targeting lower levels of software such as firmware to gain an invisible permanence into enterprises. Newer malware like BlackLotus have demonstrated targeting firmware for such purposes. Vulnerabilities that involve multiple vendors and a full ecosystem such as UEFI are also likely to rise. In 2023, the Cybersecurity & Infrastructure Security Agency (CISA) issued a specific call to action to bolster UEFI cybersecurity. They call out the need for vendors to improve cybersecurity, mature security teams, and operationalize security by design.
In this Birds of a Feather discussion, let’s look at this growing threat against UEFI and other firmware and the challenges in coordinating updates across the industry as well as some of the efficiency problems in getting updates to end customers. Are we positioned to tackle these problems as an industry before potential government regulations force us to? Do we need a more proactive approach to addressing issues in the supply chain? Updates can take over a year to make their way through the supply chain to the end customer. Let’s discuss the problems and what we, as an industry, can do to improve.
8 май 2024
