Bryan Owen and OSIsoft have been supporters of ICS security research for almost a decade now. And Bryan had another interesting and pithy 15-minute session at S4x14.
He covers 15 cyber incidents from around the world that affected their products and company … and the lessons learned. For example, he discusses how Microsoft was not advertising patches to systems where the vendor repackaged the Windows Common Control, and how this led to OSIsoft not delivering a required patch in a few different cases.
In the video you see some of the challenges that vendors face in delivering secure applications and systems. #6 has been one of my hot buttons for years, with specific ICS directories being excluded from malware detection.