Black Hat USA 2010 //extra

Caesars Palace Las Vegas, NV • July 24-29

//special events

2010 pwnie awards

In 2010 the Black Hat USA conference is once again providing the venue for the Pwnie Awards, the security industry's premier award show celebrating the achievements and failures of the security community over the past year.

The fourth annual ceremony will take place on July 28th, 2010 in Las Vegas at the Black Hat reception in Caesars Palace.

Award categories

In 2010 there will be nine award categories in which to win Pwnies:

  • Best Server-Side Bug
  • Best Client-Side Bug
  • Pwnie for Mass 0wnage
  • Most Innovative Research
  • Lamest Vendor Response
  • Most Overhyped Bug
  • Best Song
  • Most Epic FAIL
  • Lifetime Achievement

Nominations for the above categories will be accepted until July 15 and the list of nominees will be announced in the week before the award ceremony. For more information about the awards or to submit a nomination, please visit the official Pwnie Awards website at

Black Hat Arsenal

Do you have a great tool or demo that you have been dying to bring to the attention of the Black Hat community?

This year Black Hat, in cooperation with Peak Security, is pleased to offer a Tool/Demo area for independent researchers and the open source community that will allow you to showcase your work...

// July 28 & 29

Black Hat Crawl

// Wednesday July 28, 18:00 - 21:00
// Caesars Palace: PISA + PALERMO, TREVI

When the annual Black Hat reception starts to wind down and you're looking for a place to go, don't fret, because the Black Hat Crawl will just be getting warmed up. The Black Hat Crawl will feature themed rooms from key exhibitors RSA & Stonesoft, offering conference delegates a venue to continue their technology conversations and networking activities. Participating Crawl sponsors have gone the extra mile in providing food and drinks, along with opportunities to win some fabulous prizes. Opportunities to win prizes take place in Pisa + Palermo and Trevi directly following the Gala Reception.

¡Fiesta! ¡Fiesta! Salsa your way into the Trevi room and join Stonesoft for a memorable evening - complete with a piñata swing. Take aim and enter to win an iPad! Be sure to check out the many activities Stonesoft has planned - from high-demand giveaways such as limo service to a Hack the Lab event.



RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used. For more information visit

Stonesoft Corporation is an innovative provider of integrated network security solutions to secure the information flow of distributed organizations. Stonesoft customers include enterprises with growing business needs requiring advanced network security and always-on business connectivity. For more information visit


// Tuesday July 27, 1700 - 1830hrs
// Caesars Palace: Neopolitan

Do you have an idea about how to improve software security? Then we want to hear from you at Brainstorm 2020: A Vision for Software Security.

Join the Software Assurance Forum for Excellence in Code (SAFECode) at Black Hat USA on July 27th at 5:00pm for an informal community brainstorm designed to help us define a shared vision for software security and identify new, forward-thinking ideas about how to make it happen.

We want you to share your thoughts on two key questions:

  • What should our vision be for software security in 2020?
  • What are your ideas for leap-ahead approaches to advance software security over the next ten years?

On hand to participate in the brainstorm will be members of SAFECode including:

  • Steve Lipner, Senior Director of Security Engineering Strategy, Microsoft Corporation
  • Brad Arkin, Director of Product Security and Privacy, Adobe Systems Incorporated
  • Gary Phillips, Senior Director, Standard Tools and Technologies, Symantec Corporation
  • Janne Uusilehto, Head of Product Security, Nokia

Attendance is free, but registration is required and space is limited, so please register today.

You do have the option to submit your ideas on the questions above when you register, or you can wait to present them at the event on July 27 – it’s your choice. And if you can’t attend but have an idea to share, you may submit it online at


About SAFECode

The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Its members include Adobe Systems Incorporated, EMC Corporation, Juniper Networks, Inc., Microsoft Corp., Nokia, SAP AG and Symantec Corp. For more information, please visit

Cloud Security Alliance Summit

The CSA will be hosting the second “Cloud Security Alliance Summit” at this year’s Black Hat USA. The half-day summit is open to all Black Hat USA 2010 Briefings registrants and will take place on Wednesday July 28th. The summit will feature the following speakers and presentations...

// July 28

Executive Briefings

One hundred executives from Global 2000 corporations and federal agencies are invited to attend a full day of high-level discussions about topics unique to Black Hat...

// July 27th: 0800hrs - 1730hrs

Executive Women’s Forum

The Executive Women's Forum Meet & Greet
July 29th, 1:00 - 3:00, Pisa Room, 3rd floor

The Executive Women's Forum on Information Security, Privacy and Risk Management invites all of the women attending Black Hat to a Meet & Greet.

Join us for a drink and enjoy the company of your colleagues in a fun, relaxed, professional get-together. Engage and connect with the most dynamic personalities: the women in Information Security who make it happen. Participate in a discussion about "The Strength of your Network" and get to know each other over cocktails.

// July 29th: 1300hrs - 1500hrs

ISSA Panel

Responsible, Full, Half and Half, Medium-Rare: Flavors of Disclosure

Has something broken once more in the responsible disclosure mechanism?

Recent events suggest that the ethical and responsibility issues we debated to death are actually back, and more threatening than ever. Black Hat is historically no stranger to this controversy, and so we ask the attendees to join us to discuss responsibility, research, and their impact on our profession.

Attendees gain:

  • A first-hand proposition of the current issues with vulnerability disclosure, told by some key players
  • A review of current best practices, and of why they are progressively getting more and more difficult to apply
  • A healthy and heated exchange of opinions between researchers, vendors, government and industry customers.

Moderator: Pam Fusco, Director, ISSA


  • Dan Kaminsky, Chief Scientist, Recursion Ventures
  • Katie Moussouris, Senior Security Strategist, Microsoft
  • Ira Winkler, President and CEO, Internet Security Advisors Group
  • Stefano Zanero, Assistant Professor, Politecnico di Milano

// July 29th: 1515hrs - 1630hrs

Security Innovation Network Panel

For four years before joining Alltel, Schaffer was a director in PricewaterhouseCoopers, LLP, Cybercrime Prevention and Response Practice, where he developed and implemented computer forensic examinations in connection with major internal investigations at Fortune 500 companies. Previously, Schaffer served as a computer crime prosecutor in the Computer Crime and Intellectual Property Section at the U.S. Department of Justice from 1997-1999. Prior to joining the Justice Department, Mr. Schaffer was a partner with the law firm of Manatt, Phelps & Phillips specializing in civil litigation related to computer technology issues. Schaffer holds a J.D. from the University of Southern California Law Center and a B.A. degree from the George Washington University.

// July 28th: 1515hrs - 1645hrs

Things You Wanted To Know But Were Afraid To Ask About Managing Your Information Security Career

Lee Kushner, Mike Murray

In this unique two-hour guided session, The InfoSecLeaders, Mike Murray and Lee Kushner, will provide Black Hat attendees with an open forum to ask questions relating to the management of their own information security career. The information shared will be pulled from their real-world experiences in coaching and advising information security professionals on career-related topics over the past decade as well as the questions they have received and answered in their Career Advice Tuesday column on their InfoSecLeaders blog.

Since the audience drives the program, questions will range across the entire gamut of all things that concern the Black Hat attendee and their career as an information security professional. Topics will include career planning, position selection, effective networking and personal branding techniques, and analysis of the information security employment market. In addition, tips will be provided on the topics of resume preparation, interviewing techniques, compensation negotiation and employee/employer relations.

This session is designed to provide Black Hat attendees with an alternative to the highly technical presentations. There will be an open-door policy, and the session is designed for attendees to have their personal career questions answered. Attendees can stay for 10 minutes or the entire 2 hours.

The goal is to deliver career content that the Black Hat attendees can apply and utilize to improve their personal information security career.

// DATE & TIME: TBD

Your Career = Your Business

Lee Kushner, Mike Murray

The information security profession is becoming increasingly competitive. In the employment marketplace of the future, certifications and education alone will not be enough to ensure achievement of your long-term career goals. The increasing popularity of the profession and the competence of your competition will require that you take the reins of your career.

As companies focus more on profits and revenues, they are diverting resources away from the development of their employees. This attitude has greatly impacted the shared loyalty between employee and employer. In the future, the more effective you are in the management of your information security career, the greater the likelihood that you will achieve professional satisfaction. In essence, your career will be your business, and you will be the CEO.

The goal of this session will be to provide you with a framework for managing your information security career. By relating the different components of career management to traditional business functions, you will get a detailed understanding of how your career should be managed and how you can move past your peers by more than just luck. Subjects covered will include career planning, career investments, effective career marketing and branding, position selection and compensation negotiation.

You will leave the session with a solid foundation to enable you to better achieve your long-term career goals and increase your satisfaction with both your current job and with the jobs you select in the future.

// DATE & TIME: TBD