Why we suck at building secure software and what we can do about it
Thursday, November 7, 2013
6:00 PM to 7:30 PM
Alistair Ross Technology Centre
3553 - 31 Street NW, Calgary, AB
Just north of the University of Calgary between the Mechanical Engineering building and the Brentwood C-Train
Hello CAMUG members,
As practitioners of an agile process that touts fast time-to-market and high quality, we often run into difficulty when we ignore aspects that are foundational to building good software. Our speaker for the Nov. 7th session, Jim Bird, wants to address one such shortcoming, application security (Appsec), in his talk: Why we suck at building secure software, and what we can do about it?
Abstract: The number of security attacks on applications is increasing year over year. This is because developers suck at writing secure software – and the bad guys know it. Web applications are full of security holes. Mobile apps are worse. Real time industrial control systems are easily hacked, which could lead to potential disaster situations. And of course there are still lots of vulnerabilities found every week in personal software: Windows, Adobe Reader, Java, Quicktime…
Many security experts believe that Agile development is making the problem worse – that Agile teams cannot build secure software. But just because we don’t write secure software doesn’t mean that we can’t. We’ll look at how serious the appsec problem is and why: what the problems are in building a secure app, how Agile development practices make it more difficult to build secure software, and what we need to change.
Bio: Jim Bird is an experienced development manager, project manager and CTO, who has spent the last 15 years building and running systems for stock exchanges and banks. He has worked on projects in more than 30 countries, and consulted to organizations like IBM, the central banks of Italy and Saudi Arabia, the Australian Stock Exchange, the Korea Exchange Group and the Deutsche Borse. He was the CTO at EFA Software, and is currently CTO and founder of a major US institutional trading platform based in New York. He is also an application security analyst with the SANS Institute and a contributor to the Open Web Application Security Project (OWASP), and he blogs on software development, software security and devops issues at “Building Real Software”.
This is the third session in the CAMUG 2013/2014 season. Come at 6pm on Thursday, Nov. 7th, and enjoy complimentary food and refreshments. The session itself runs from 6:30pm to 7:30pm. Our location is on Google Maps, and we're in the Atrium as soon as you walk in the front doors. Parking is free in front of the building after 5pm!
Special thanks to Innovate Calgary for the venue. Thanks also to the University of Calgary for sponsoring the food and Intellog Inc. for providing refreshments at the Meetup group.