Bringing Security to Your Open Source Project

Accepted Session
Short Form
Beginner
Scheduled: Thursday, June 25, 2015 from 4:45 – 5:30pm in B202/203

Excerpt

With high profile breaches in open source projects, the issue of security has become one of great import to many people. But many projects, especially smaller ones, are intimidated by the idea of a security audit. This talk will discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No PhDs in security required!

Description

With high-profile breaches in open source projects such as bash’s shellshock or openssl’s heartbleed, the issue of security in open source has become one of great import to many people. Bigger projects may be able to attract researchers and funding for security work, but what about the smaller projects? Many projects are intimidated by the idea of a security audit. What if you don’t have access to any real security experts? What is fuzz testing anyways? What if we get it wrong? What does a security hackathon look like and how could I run one?

This talk will discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No PhDs in security required!

Tags

security

Speaking experience

This is a brand new talk. It's based on some feedback from my talk last year that indicated that people would like to know more about techniques for bringing security to their projects.

As a former academic, I used to give a lot of talks on my work to both the scientific community and more general audiences. People were often shocked that they weren't boring. ;) I also have done open source talks about my work with GNU Mailman at Linuxcon, as well as many talks geared for open source outreach, including to women in computing venues.

I have a list with many of my talk abstracts and slides here: http://terri.toybox.ca/speaking/

Speaker

  • Biography

    Terri has a PhD in horribleness, assuming we agree that web security is kind of horrible. She stopped working on skynet (err, automated program repair and artificial intelligence) before robots from the future came to kill her and then she got a job in open source, which at least sounds safer. Now, she gets paid to break things and tell people they’re wrong while working towards more secure open source and open web standards. She doesn’t get paid for her work on GNU Mailman or running Google Summer of Code for the Python Software Foundation, but she does those things too.