Denial, anger, bargaining, depression and acceptance: Stages of reporting 0-days to Russian vendors

The substitution of foreign ICS systems is an interesting process from the point of view of vulnerability searching. On the one hand, foreign companies have already made much progress in fixing vulnerabilities in their devices. On the other hand, international practices and experience of development, working with vulnerabilities and disclosing them are neglected by Russian vendors. In this talk, I will tell you several real-life stories of interacting with Russian ICS vendors and compare the experience of working with vulnerabilities in the products of both foreign and Russian vendors.

Vladimir Dashchenko

Vladimir Dashchenko is a UFU graduate in the field of information security. He started his career as a security engineer in the State Corporation for Space Activities. His research interest is focused on smart and not-so-smart devices, ICS, IoT, IIoT, and so on. Currently, Vladimir leads a vulnerability detection team in Kaspersky Lab ICS CERT.

Social sharing