Making Open Work
May 8–9, 2017: Training & Tutorials
May 10–11, 2017: Conference
Austin, TX

Schedule: Security sessions

Security is a longstanding problem in the software world, previously organized more by technology stack and now viewed through a more language-agnostic and services-oriented lens. What do you protect? What frameworks and libraries are working for you? How do you test the strength of your security? How do you fix it when it doesn’t do the job? How do we deal with identity and privacy? How open should we be?

9:00am–12:30pm Monday, May 8, 2017
Location: Meeting Room 12
Level: Beginner
Bart Miller (UC Wisconsin-Madison), Elisa Heymann (Autonomous UC Barcelona | UC Wisconsin-Madison)
Securing your network is not enough. Every service that you deploy is a window into your data center from the outside world—a window that could be exploited by an attacker. Bart Miller and Elisa Heymann explain how to minimize the security flaws in the software you develop or manage.
11:00am–11:40am Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Beginner
Jeremy Anderson (Cambia Health Solutions)
While the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects at development where they’re created instead of at production when it’s already too late.
11:50am–12:30pm Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Intermediate
Susan Sons (Center for Applied Cybersecurity Research, Indiana University)
As a community, we talk a lot about security goals and trade-offs and about the controls we may use to get there. What we don't talk enough about is first principles. Susan Sons shares the seven information security practice principles developed with her team at IU CACR and introduces a mental model for reasoning about security instead of trying to memorize for security.
1:45pm–2:25pm Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Intermediate
James Bottomley (IBM Research)
TPMs are now ubiquitous in the COTS hardware we use to build clouds, but they're not often used to enhance the security of the cloud environment. James Bottomley explains how sequestered trust models like the TPM can be used to enhance cloud security even in an apparently insecure environment.
2:35pm–3:15pm Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Intermediate
The Swift language was born on the client side, but since it was open sourced in late 2015, it has gained huge momentum in the server community. Gelareh Taban uses an end-to-end example app to explain how security can be built into a Swift client-server application and recommends best practices on Swift security frameworks and specific language features.
4:15pm–4:55pm Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Non-technical
Tiberius Hefflin (Portland General Electric)
Virus? Malware? There’s an app for that. Social engineering? It's a little more complicated. These techniques, used by hackers to gather information on their target, are hard to combat without education. Tiberius Hefflin explains how these attacks take place, how to combat them, and why companies fail to prepare their staff for such an attack.
5:05pm–5:45pm Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Intermediate
Christian Wenz (Arrabiata Solutions GmbH)
Since developers seem to have a hard time writing secure apps, browsers have come to their aid with new techniques and protocols like built-in XSS filters, special HTTP headers, and more that can help prevent many attacks. Christian Wenz offers an overview of these new safeguards, including HSTS, CSP, secure cookies, and much more.
2:35pm–3:15pm Thursday, May 11, 2017
Location: Meeting Room 9 A/B
Level: Beginner
Derek Weeks (Sonatype)
Derek Weeks shares the results of a three-year study of open source development practices across 3,000 organizations, exploring the vast software supply chains these organizations employ that are simultaneously improving development productivity and undermining quality and security practices. Derek then outlines DevOps practices that support building in quality and security from the beginning.