I gave two talks at Open Source Bridge this year, and they’ve recently put the videos online. Here’s the more serious and informative of the two:
Bringing Security to Your Open Source Project
Abstract: With high profile breaches in open source projects, the issue of security has become one of great import to many people. But many projects, especially smaller ones, are intimidated by the idea of a security audit. This talk will discuss ways for smaller projects to experiment, learn, and even have fun improving their security. No PhDs in security required!
Video embedded below:
I’m a bit sad that they cut out the introduction I got; it was pretty hilarious.
The motivation behind this talk is that when I tell people in open source communities that I do security for open source projects, I get a lot of interest but people always say they don’t know where to start and quite a lot of them buy into the idea that somehow just being open source makes you secure. That can be a big push towards security for some projects, but it’s not a panacea, so this talk is an intro to how to do a security hackathon and be welcoming to folk who want to help with your security.
[Bringing Security to Your Open Source Project (Slides)] The slides are in the video as well, but sometimes this is easier! If you look at the slides, you can also see a rough version of what I’d planned to say in the notes section.
One of these days I’ll transcribe the talk and set up a blog post with slides as images for folk who don’t aren’t into videos for whatever reason (I know I don’t watch very many myself unless I’m multitasking), but I thought I’d share the video first rather than wait. Hope you like it!