Brian Gorenc is Vice President of Threat Research at Trend Micro, where he leads a global research organization that delivers comprehensive protection technologies and threat intelligence to defend against sophisticated attacks. Gorenc also heads the Zero Day Initiative (ZDI), the world's largest vendor-agnostic independent bug bounty program. ZDI's mission is to disclose and remediate weaknesses in the world's most popular software. Brian also organizes and judges the increasingly popular Pwn2Own hacking contest.
Before joining Trend Micro, Gorenc worked at Lockheed Martin on the F-35 Joint Strike Fighter (JSF) program, where he led the development of the Information Assurance (IA) products for the JSF Mission Planning Environment. In addition to degrees from Southern Methodist University and Texas A&M, Brian holds several professional certifications, including (ISC)2's CISSP and CSSLP.
Software security vulnerabilities have a lifecycle of their own: from discovery to exploitation to patching, and then, usually, they fade away. At each stage of this lifecycle, organizations can take different measures to minimize the risk to themselves and their customers. Unfortunately, many industries face unique challenges when trying to respond to vulnerabilities because of the nature of their products and manufacturing processes. For example, vehicles have complex supply chains and many third-party components, all of which must be kept up to date and hardened to withstand modern attacks.
This talk examines some of the specific areas that various industries need to pay attention to when handling vulnerabilities and monitoring the threat landscape. Drawing on lessons learned from Trend Micro's Zero Day Initiative, the world's largest vendor-agnostic independent bug bounty program, and from the Pwn2Own hacking contest, we look at how industries should respond to these challenges, where they have done well, and where they still need to improve. Finally, we offer some recommendations that hardware and software vendors can consider when managing the vulnerability lifecycle.
Premiere: 5/15 12:00 - 12:30
Replays: 5/15 18:00 - 18:30, 5/16 00:00 - 00:30
Security bugs in software have a lifecycle: they go from discovery to exploitation to patch, and then, usually, they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and hardened to defend against modern attacks.
This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.