The tech industry is in the middle of a massive, uncontrolled social experiment. Having made commercial mass surveillance the economic foundation of our industry, we are now learning how indiscriminate collections of personal data, and the machine learning algorithms they fuel, can be put to effective political use. Unfortunately, these experiments are being run in …
This talk will provide an overview of the internet of things (IoT) distributed denial of service (DDoS) landscape. The number of known vulnerable devices continues to grow and, with it, a potential platform for malicious activity is also expanding. At the end of October 2016, Dyn was the target of a DDoS attack fueled by …
Now is the time for a new approach to protect the covenant between an application’s owners and its users. Present threats are too numerous and varied and the battlefield too complex to defend with existing methods. In particular, technical defenses have limited effectiveness against non-technical attacks. The techniques presented here protect against attacks on all …
The topic of DevSecOps is starting to percolate in the technology world’s brew. There are presentations, manifestos, blogs, and conference sessions all dedicated to the practice. Speaking as humble practitioners of the DevSecOps craft, we will focus in this talk on the Starbucks efforts to securely develop, deploy, and support a unified commerce platform for one of the …
This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these are reasonable ideas, however, the gap between academia and industry often prevents them from being realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator to bridge the research/industry gap, and how we can work together to address the issues that remain.