Is the RSA 2015 'booth babe' ban a win for women in security?

News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play app vetting.

Updated guidelines published by RSA Conference may prove the tides are turning when it comes to women in the information security field.

The language of the Exhibitor Rules and Regulations for the 2015 conference, being held next month at San Francisco's Moscone Center, put stricter regulations on the dress code of exhibition staff.

Long a hot-button issue at IT conferences, "booth babes" or "booth bunnies" (or the less-demeaning "professional model") are common terms for the attractive models in suggestive clothing that companies often station at their booths to attract the attention of passersby. They have become common at a variety of conferences, sporting events and gaming or comic conventions.

But that may be changing. In a written statement to SearchSecurity, an RSA conference spokesperson confirmed the following addition to RSAC's rules and regulations:

All expo staff are expected to dress in business and/or business casual attire. Exhibitors should ensure that the attire of all staff they deploy at their booth (whether the exhibitor's direct employees or their contractors) be considered appropriate in a professional environment. Attire of an overly revealing or suggestive nature is not permitted.

The new RSA dress-code ruling prohibits "tops displaying excessive cleavage," "tank tops, halter tops, camisole tops or tube tops," and "miniskirts or minidresses."

These bans, which apply to all male and female exhibition staff, will be strictly enforced. "We reserve the right to request that individual booth staff change their attire or leave the premises immediately," said RSA Conference in its policy, "if we feel that their appearance might be offensive to other exhibitors or attendees."

Is the lack of women in infosec trend shifting?

The predominantly male information security field has been called out in the past for failing to welcome women into the field, something that many in infosec are striving to overcome.

At last year's Cybersecurity Management Summit at Bay Path University, Facebook Security Operations Director Jennifer Lesser Henley discussed the importance of breaking the gender gap.

"We have to acknowledge that a diverse group of employees can help change the game," said Henley, who is speaking about the topic at RSA Conference 2015 as well. "We need to start dispelling the myth that security is a homogenous group of individuals and that we don't let anyone else in."

As it did last year, RSA Conference 2015 will also host an Executive Women's Forum Reception, featuring Uncharted Play Inc. Co-Founder and CEO Jessica Matthews.

A session will also be held Monday, April 20, addressing women's participation in the workforce. The presentation, "Breaking the Glass Firewall: The Changing Role of Women in IT Security", features a panel moderated by journalist Fahmida Rashid and including Cloudmark Inc. Engineering Director Angela Knox, Department of Justice CISO Melinda Rogers, Skybox Security Inc. Vice President Michelle Cobb, and Outlier Security Inc. COO Penny Leavy.

Interestingly, the description of this year's session on women in security includes the same low statistic -- 11% -- of women in the global information security workforce as last year's session description.

While some may say RSA is behind the times in its booth babe ban -- gaming conventions EGX and PAX previously banned booth babes, and the Consumer Electronics Show, notorious for its models, has policies, albeit loose ones, on exhibitor attire -- the decision for this year's conference has been met with praise.

In other news

  • Members of the House of Representatives' Intelligence Committee unanimously approved a proposed cyberthreat data-sharing bill Thursday morning; it will now advance to the full House as soon as next month. The Protecting Cyber Networks Act, which was introduced into legislation on Tuesday, aims to make it easier for companies to share cybersecurity threats with the government without the fear of being sued. The Senate Intelligence Committee approved a similar bill last month; the House Homeland Security Committee is expected to release a bill encouraging threat-sharing through the Department of Homeland Security. While the Protecting Cyber Networks Act has been met with criticism of privacy loss, the bill aims to "protect privacy by, among other things, requiring private entities to remove personally identifiable information from the data before sharing cyberthreat indicators and by prohibiting the government from forcing private sector entities to provide information." It also "does not allow for sharing information for non-cyberthreat purposes."
  • A flaw in Flash Player that Adobe Systems Inc. patched March 12 has reportedly been exploited in the wild, and has been found in both the Nuclear and Angler exploit kits. The vulnerability, CVE-2015-0336, highlights the importance of timely patching in the enterprise. FireEye Inc., Malwarebytes Corp. and Trend Micro Inc. all published blog posts reporting use of CVE-2015-0336 in exploit kits. Malwarebytes Senior Security Researcher Jérôme Segura noted in the company's blog that patching must occur on a regular basis to avoid known vulnerabilities. For those companies that cannot patch right away due to internal testing, "such systems should ideally be sandboxed from the rest of the network or be running anti-exploit software designed to block known and unknown exploits."
  • The security of apps in the Google Play store may see a boost following the company's announcement that manual checks will be added to its application-vetting process. In a blog post published last week, Google Play Product Manager Eunice Kim wrote about a new process implemented by Google "several months ago" that includes reviewing apps before they are available on the Google Play store. This added security buffer "involves a team of experts who are responsible for identifying violations of our developer policies earlier in the app lifecycle." While apps still go through regular automated scans, the experts will add an additional layer of security. Google Play has long been criticized for failing to vet flawed and even malicious apps, but expert Graham Cluley believes it is on the right track to improvement. "It's probably too early to say that this will be the end of malicious content being published in the official Android marketplace," Cluley said, "but it sounds like a step in the right direction."
