Few people would consider the RSA Conference anything like the Wild Wild West. But there will be one showdown at high noon — when security experts battle it out to see who can find vulnerabilities on websites the fastest and most efficiently.
On Tuesday and Wednesday of the RSA Conference, contestants participating in the Interactive Testing Challenge (ITC) will have a half-hour to test two websites and find as many bugs as possible, earning points for every flaw they find. The top players from each day will be invited back at 4 p.m. the same day for a face-off, when they will compete on different sites for 45 minutes. The competition ends when the final two contestants test their vulnerability-hunting skills at noon on Thursday, Feb. 16. The best vulnerability-finder will be crowned Thursday at 1 p.m.
The competition often draws curious spectators — who will not have to squint to see small monitor screens; daily face-offs will be broadcast on large-screen TVs for optimal viewing. Herbert Thompson, chief security strategist with Security Innovations (SI), will provide commentary during the competition. SI, which manages and administers the ITC, first began the program at RSA Europe in 2004. This year's RSA Conference will be the first time it takes place in the U.S. Ed Adams, the chief executive officer of Security Innovation, says the competition is both fun and purposeful.
"We think it's a great way to generate interest in security," he says. "When the face-offs are going on, our goal for them is to be highly educational as much as they're highly entertaining."
The ITC also puts a human face on application security, a field few people truly understand before seeing it in person, Adams adds.
"We're trying to educate people, many of whom have not seen this before," Adams says. "We're thrilled RSA is giving this as much publicity as they can."
The ITC also helps to bring security into focus for those people who are less familiar with the reasons it is so crucial to everyone, including those not directly involved in the field, adds Thompson.
"For many people who aren't involved with it, security is something that is not real to them," Thompson says. "This lifts up the curtain, and lets people see behind to who the wizard is behind the curtain."
INNOVATION STATION: Winning over the VCs
Innovation Station features yet another competition, but for start-up companies. Over 40 companies registered to be selected, however there are only 12 spots to fill, says Sandra LaPedis, area vice president and general manager for RSA Conferences.
The high interest in this offering, which will be situated on the RSA Conference floor, centers around a competition in which participating companies will get the chance to extend "an elevator pitch" about their company to a panel of judges comprised of venture capitalists (VCs). The company that wins over the VCs will then have appointments with each during which they may be given funding and marketing help.
"It's kind of a neat thing to do for those start-up companies that potentially are looking for more funding or haven't positioned themselves in the market," she says.