cybersecurity


Security Vulnerabilities in Third Party Code: FIX ALL THE THINGS!

Location: Salon D
April 12th, 2016
2:45 PM - 3:45 PM

Many developers today are turning to well-established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different third-party libraries implemented. The result is that third-party and open source libraries have the ability to spread a single vulnerability across multiple products, exposing enterprises and requiring software vendors and IT organizations to patch the same vulnerability repeatedly. How big of a problem is this? What libraries are the

Kymberlee Price

Senior Director of Researcher Operations, Bugcrowd

Securing Software by Construction

Location: Salon D
April 11th, 2016
2:45 PM - 3:45 PM

The high-profile attacks and data breaches of the last few years have shown us the importance of securing our software. While it is good that we are seeing more tools that can analyze systems for vulnerabilities, this does not help the programmer write secure code in the first place. To prevent security from becoming a bottleneck--and expensive security mistakes from becoming increasingly probable--we need to look to techniques that allow us to secure software by construction. This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these

Jean Yang

Creator, Jeeves