Terri Oda

Biography

Terri has a PhD in horribleness, assuming we agree that web security is kind of horrible. She stopped working on skynet (err, automated program repair and artificial intelligence) before robots from the future came to kill her and then she got a job in open source, which at least sounds safer. Now, she gets paid to break things and tell people they’re wrong while working towards more secure open source and open web standards. She doesn’t get paid for her work on GNU Mailman or running Google Summer of Code for the Python Software Foundation, but she does those things too.

Open Source Bridge 2016

Sessions for this user

* Sparkle security

"Agent Sparkle, you have been recruited as a security expert to use your skills to protect the kingdom of Project Rainbow. You might not feel qualified yet, but Project Rainbow has great faith in your ability to learn." Web security is perhaps one of most fun types of computer security to master: exploits can be constructed quickly and without many tools. But sadly, while there are many tutorials, they simply don't have enough rainbows and sparkles and the practice exploits tend to focus on the basics without flourishes. Project Sparkle is a set of "training missions" designed to make learning web security more kid-friendly, but we think the audience of Open Source Bridge will also enjoy exploiting the web to add more rainbows and sparkles!
Practice
Terri Oda

* Taking no for an answer

Open source (like many fields) rewards people who are confident and even a bit pushy. So we give talks encouraging folk to get over imposter syndrome, lean in, say yes to more things. But self-improvement shouldn't focus only on our most vulnerable members, but also our most powerful. So let's talk not about saying yes, but about hearing no. Learning to take no for an answer can transform efforts such as security, diversity and mentoring where we have few experts or volunteers and great need. Let's talk about accepting "defeat" with grace, and how to take "no" for an answer while still moving forwards.
Culture
Terri Oda

Open Source Bridge 2015

Sessions for this user

* Bringing Security to Your Open Source Project

With high profile breaches in open source projects, the issue of security has become one of great import to many people. But many projects, especially smaller ones, are intimidated by the idea of a security audit. This talk will discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No PhDs in security required!
Culture
Terri Oda

* Internet of Things Militia: Paramilitary Training for your IoT devices

Security folk generally talk about how the Internet of Things is bad for security, but it also brings new sensors and connected devices that could co-operate in new and interesting ways. Could we use internet things to enhance security?
Hacks
Terri Oda

Open Source Bridge 2014

Sessions for this user

* When Many Eyes Fail You: Tales from Security Standards and Open Source

It's often said that "given many eyes, all bugs are shallow" and open source proponents love to list this as a reason that open source is more secure than its closed-source relatives. While that makes a nice sound bite, the reality of security with many eyeballs doesn't fit so nicely into a tweet. This talk will explore some of the things that surprised me in going from academic security research to industry security research in open source and open standards.
Culture
Terri Oda