Open source is good for security and always has been. This presentation tells the lesser-known history of security and open source, with Kerckhoffs’ principle as a unifying theme. Auguste Kerckhoffs was a 19th-century linguist who had an important realization: obscurity doesn’t provide any real security. I’ll begin with an introduction to his principle and an explanation of its fundamental importance to the field of cryptography.
Kerckhoffs’ big idea is also relevant beyond the theoretical realm of cryptographic algorithms. I will discuss first-hand experiences and observations from my time as the moderator of the Bugtraq mailing list, a sometimes controversial forum where vulnerabilities, exploits, and patches are shared and discussed openly.
I’ll also cover the important contributions of the security research community, the output of which has directly improved security for everyone. Some of the open source tools developed by these researchers first introduced or prototyped ideas that became commercially viable security technologies, including commercial open source successes.
David has been at this for over 10 years. He began his professional career as a founding member of SecurityFocus, which was acquired by Symantec in 2002. During that time he moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years. He has spoken at Black Hat, CanSecWest, AusCERT and numerous other security conferences, and has contributed to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model and served as an editor for IEEE Security & Privacy for several years. His current obsession is building Subgraph, his open source security startup in Montréal.