A Pirate's Guide to Snake Oil and Security
HD Moore
NorthSec 2025 · Day 1 · Ville-Marie
HD Moore, creator of Metasploit and now principal at runZero, dissects the vulnerability management industry with two decades of hard-won credibility. He demonstrates that most commercial vuln scanners cover fewer than half of known vulnerabilities in controlled tests, that anti-benchmarking clauses are universal across vendor EULAs, and that practitioners can build their own comparative benchmarks entirely from public data. The talk ends with concrete evaluation criteria that any organization can apply before signing the next five-year contract. ---
AI review
HD Moore (Metasploit creator, now runZero) systematically dismantles the vulnerability management vendor ecosystem with data: anti-benchmarking EULAs are universal, the best scanner in a public benchmark detected fewer than half of 167 test CVEs, free tools (Nmap + Nuclei + OpenVAS) rival expensive platforms, and the CVE lag problem means EDR-gated vuln tools miss a 23-day exploitation window. Closes with a practitioner-usable evaluation framework.