Code as Risk
What is risk? Many people aren't sure, but it's not just uncertainty: risk is exposure to uncertainty.
Instead of just plastering over the cracks, security should also involve reducing the size and number of cracks, reducing the opportunities for cracks to appear, reducing the class of errors and oversights that can open a system to failure instigated from the outside. We can learn a lot from other kinds of software failure, because every failure unrelated to security can be easily reframed as a security-failure opportunity.
This is not a talk about access control models, authentication, encryption standards, firewalls, etc. This is a talk about reducing risk that lives in the code and the assumptions of architecture, reducing the risk in development practices and in the blind spot of development practices.
Code as Risk, Kevlin Henney, Tuesday Jun 13 @ 14:00