July 20–24, 2015
Portland, OR

How my POODLE lost his Xen state by seeing a Ghost, going BERserk, and getting ShellShock with a Heartbleed

Constanza Heath (Intel)
10:40am–11:20am Wednesday, 07/22/2015
Protect E146
Average rating: 3.00 (5 ratings)

Prerequisite Knowledge

No specific knowledge or skills. Security cuts across all areas.

Description

2014 was a hard year for open source software. The year was filled with Heartbleed, ShellShock, BERserk, and other vulnerabilities. These vulnerabilities were broadly discussed, even by news outlets that generally never cover such things, such as CNN and Fox News. The question is: was this amount of attention really justified?

This presentation will take the data from the open CVE database and determine whether there really has been a striking change in open source software vulnerabilities, in either the frequency or the severity of software security bugs. We’ll also compare those two metrics to well-known proprietary counterparts.

This presentation will be extremely detailed on the data and be no-holds-barred when it comes to the direction that the data leads. Everyone will be able to see:

  • Has there been an increase in the frequency or severity of security defects in open source software?
  • Is open source or proprietary software more secure?

Constanza Heath

Intel

Constanza Heath is a Security Researcher in Intel’s Open Source Technology Center organization, which includes design of core security features, review, and implementation of software solutions and communication services. She currently focuses on IoT security and enablement while making time to shepherd a Security Working Group inside Intel. She has architected several middleware software interfaces and meta-data aggregation services for OTC’s Moblin, MeeGo and Tizen operating systems and most recently promoted the Intel XDK as an HTML5 Evangelist. Her career has taken her up and down the software stack, making security a natural discipline. She joined Intel in 2010, after spending six years with Hewlett Packard as a Firmware Specialist, and three years at Raytheon’s Vision Systems, Remote Satellite, and Electronic Warfare divisions. As a former advisor to the Ada Initiative, and a member of SWE, Constanza is an avid supporter of local community groups. She has participated in events around AAUW’s Equal Pay Day and STEM programs and helped run several programs for the advancement of women in technology. Known as ‘mnementh’ to fellow hackers on IRC, you can also find her on Twitter at @hackermnementh.

Comments

Miyoung Shin
07/30/2015 11:09am PDT

Can I get the presentation document or some material?