Make It Fixable: Preparing for Security Vulnerability Reports - Patricia Aas [ CppCon 2018 ]
—
From experience we have learned that almost any surface we expose could have weaknesses. We have to have a plan on how to deal with issues as they arise, and an architecture that allows us to correct and protect in products that are already in use. When security is lifted up to the discretion of the user, however, we often fail to inform their decision properly. The usability of security and the architecture of fixability are closely connected, and both need continued refinement and focus. This talk will describe architectural and organizational features that make it easier to take corrective measures. They are down-to-earth everyday scenarios, illustrated by real-world software projects and security incidents. Some of the stories are well known, some are anonymized to protect the innocent. Finally, we will show examples of how difficult it is to design the user experience of security.
—
Patricia Aas, TurtleSec
Programmer
Patricia has been programming C++ professionally for 13 years. She started out working on the Opera desktop browser and has looped back to browser making in recent years, now working on the Vivaldi browser with many ex-Opera colleagues. While away from the browser world she did a stint as a Java consultant, coming back to C++ when working on embedded teleconference systems at Cisco. For the last couple of years she has begun doing public speaking, after only doing in-house speaking before. She is passionate about the tech industry and its impact on people's lives. Since January she has been active in the #include<C++> community, where she is one of the admins.