Product Security Forum

Product Security Forum focusing on the future of product security, from global standards and threat modeling to real-world applications, analyzing secure design, validation, and cyber challenges.

TIME & LOCATION
  • 4/17 (Thu.) 14:00 - 17:00 | 703 Meeting Room
AGENDA
4/17 (Thu.) 14:00 - 14:30 | 7F 703
Po-Hsing Wu / Product Developer, Security Incident Response Team, Synology Inc.

This presentation will take you into the real-world scenarios of the renowned global cybersecurity competition, Pwn2Own. From the vendor’s perspective, we will dissect how attackers successfully discover and exploit vulnerabilities in our products. We will share the technical details of these vulnerabilities and their root causes, including key oversights in development, design, and testing. In addition, we will discuss ways to enhance the Secure Development Lifecycle (SDL) to systematically prevent similar issues.

During this talk, we will explore several real-world attack cases—such as memory management errors and configuration mishaps—providing an in-depth look at how these attacks were executed and the best practices for remediation. By attending, you will gain insights into Pwn2Own attack scenarios and learn about practical security improvements that can strengthen overall product security. This presentation is particularly suited for developers interested in information security, helping you reevaluate product security measures and turn challenges into opportunities, ultimately building stronger defenses for both enterprises and end users.

  • Application Security
  • Security Development Lifecycle
  • PSIRT
4/17 (Thu.) 14:45 - 15:15 | 7F 703
Dennis Kung / Vice President, National Institute of Cyber Security

Last year’s explosion in Lebanon involved a pager labeled “Made in Taiwan.” Although later confirmed to have been orchestrated by Israel, this incident underscores the critical importance of cybersecurity in electronic products.

Inadequate security in electronic devices increases the risk of supply chain attacks. Recently, the United States discovered the hacker group Salt Typhoon had conducted cyber-espionage against American telecommunications companies by exploiting vulnerabilities in network equipment. This highlights the necessity of strengthening cybersecurity measures at the source to mitigate such risks.

Starting in 2025, the United Kingdom, the European Union, and the United States will successively implement cybersecurity regulations for consumer electronics. To remain competitive in global markets, Taiwanese brands must enhance their cybersecurity capabilities and ensure compliance with these evolving regulatory requirements.

The government is committed to collaborating with the private sector to implement Security by Design, assisting manufacturers in aligning with international standards, and establishing Made in Taiwan / Made by Taiwan as a globally recognized and trusted industry. We also wish to take this opportunity to engage with industry stakeholders and share our strategic initiatives.

  • PSIRT
  • IoT Security
  • Product Security
4/17 (Thu.) 15:30 - 16:00 | 7F 703
Chris Su / RD Sr. Supervisor, Delta Electronics, Inc.

Threat Modeling is a must-have in the Secure Development Lifecycle (SDLC) for Industrial Automation and Control Systems (IACS) and product planning. Conducting threat modeling during the early stages of product design and development, and ensuring compliance with security requirements, often presents numerous challenges for engineering and development teams. This talk combines process implementation with practical experience, offering insights into following the IEC 62443-4-1 framework to establish a comprehensive process from the perspective of requirement verification and testing.

We will systematically explore the methodologies of Threat Modeling and Risk Assessment (TMRA), explaining how to identify critical threats, evaluate potential risks, and design effective mitigation measures during product development. Through anonymized real-world cases, we will demonstrate how to translate TMRA results into specific testing requirements and align them with the testing requirements of the Security Verification & Validation phase.

The session will cover:

  • Threat identification and case studies
  • Demonstrations of testing methods for specific threats

Additionally, we will share common challenges and solutions encountered during product certification and discuss how to establish a sustainable security maintenance mechanism.

This course is designed for product development team members, system security engineers, software security architects, and professionals responsible for certification evaluation, DevSecOps, or SDLC. Through practical recommendations, process guidance, and valuable hands-on experience, we aim to help participants build secure development processes for IACS and deepen their understanding of product security.

  • Compliance Testing
  • OT Security
  • Risk Assessment
4/17 (Thu.) 16:15 - 17:00 | 7F 703
SZ Lin (林上智) / President, ISA Taiwan Section

As global cybersecurity regulations and standards rapidly evolve, the Secure Software Development Lifecycle (SSDLC) has become a fundamental framework for addressing security challenges and ensuring product compliance. This session, led by an expert involved in SSDLC international standard development, will provide an in-depth exploration of the latest trends and future directions of SSDLC standards. Key topics include enhancing security by design, strengthening supply chain risk management, and advancing the adoption of Software Bill of Materials (SBOM).

The speaker will analyze the revision trajectory of SSDLC international standards and explain how global regulations are driving SSDLC to become a core strategy in product design and development. Through real-world case studies and emerging trends, this session will illustrate how SSDLC helps organizations navigate increasingly complex cybersecurity challenges, achieve compliance with regulatory requirements, and enhance overall product security.

By examining SSDLC from a multi-faceted, international perspective, this session will uncover its critical role and value in the next-generation security standards landscape. Attendees will gain a deeper understanding of SSDLC’s impact on strengthening security efficiency and regulatory compliance in the product development process, ultimately equipping organizations with the resilience and competitive edge to face future challenges.

  • Security Development Lifecycle
  • Secure by Design
  • Cyber Supply Chain Security

More speakers and agenda details will be announced soon.