Offense wins games, Defense wins nothing
They are a billion dollar company, it’s a joke they can’t get this right!!1! … is an argument we’ve all heard (and supported on occasion) before. It’s a convenient and tempting position to take. Still, as it is typical in security, things are a bit more complicated. In this talk, we’ll take a peak behind the curtain to look at the various technical and non-technical reasons that actually make mobile security defense a perhaps surprisingly difficult grind. Drawing from my experiences in the trenches of secure development and incident response work, I will try to give you an idea of the complexity of the problems that product security teams face. From this, we will attempt to draw some lessons that defense teams can apply to their resource allocation strategy. On the other side of the coin, the talk will hopefully give all you bughunters and fledgling cyber merchants of death some ideas about where to look when trying to assess the security maturity of a player in this space.