OWASP AppSec DC 2012/Project Basecamp News from Camp 4

The Presentation
For over a decade the control systems security community has been quietly saying that controllers are fragile devices that should not be scanned or fuzzed. The community debated for years about proper disclosure methods, yet the control systems themselves have seen little improvement. Project Basecamp rocked the community by releasing detailed vulnerability reports about the systems used in critical infrastructure, as well as tools needed to exploit those vulnerabilities. Like the climbers in Yosemite, the Project Basecamp team is not going away. In Camp 4, Reid covers new industrial controller vulnerabilities, exploits, and vendor responses to the disclosures.