Sponsors

  • Microsoft
  • Nebula
  • Google
  • SugarCRM
  • Facebook
  • HP
  • Intel
  • Rackspace Hosting
  • WSO2
  • Alfresco
  • BlackBerry
  • CUBRID
  • Dell
  • eBay
  • Heroku
  • InfiniteGraph
  • JBoss
  • LeaseWeb
  • Liferay
  • Media Temple, Inc.
  • OpenShift
  • Oracle
  • Percona
  • Puppet Labs
  • Qualcomm Innovation Center, Inc.
  • Rentrak
  • Silicon Mechanics
  • SoftLayer Technologies, Inc.
  • SourceGear
  • Urban Airship
  • Vertica
  • VMware
  • (mt) Media Temple, Inc.

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the convention, contact Sharon Cordesse at scordesse@oreilly.com

Download the OSCON Sponsor/Exhibitor Prospectus

Contact Us

View a complete list of OSCON contacts

Network
Join Attendee Network
 

Kerckhoffs' Legacy: Security and Open Source

David Mirza (Subgraph)
3:30pm Tuesday, 07/26/2011
IT Leaders Summit
 Location: F 150
Tags: security, hacking, vulnerabilities, cryptography
Presentation: Kerckhoffs_ Legacy_ Security and Open Source Presentation [PDF]
Average rating: ***..
(3.00, 4 ratings)

Open source is good for security and always has been. This presentation tells the lesser-known history of security and open source, with Kerckhoffs’ principle as a unifying theme. Auguste Kerckhoffs was a 19th century linguist who had an important realization: obscurity doesn’t provide any real security. I’ll begin with an introduction of his principle and explanation of its fundamental importance to the field of cryptography.

Kerckhoffs’ big idea is also relevant beyond the theoretical realm of cryptographic algorithms. I will discuss first-hand experiences and observations from my time as the moderator of the Bugtraq mailing list, a sometimes controversial forum where vulnerabilities, exploits, and patches are shared and discussed openly.

I’ll also cover the important contributions of the security research community, the output of which has directly improved security for everyone. Some of the open source tools developed by these researchers first introduced or prototyped ideas that became commercially viable security technologies, including commercial open source successes.

People planning to attend this session also want to see:

Photo of David Mirza

David Mirza

Subgraph

David has been at this for over 10 years. He started his professional experience as a founding member of Security Focus, which was acquired by Symantec in 2002. During that time he moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years. He has spoken at Black Hat, Can Sec West, AusCERT and numerous other security conferences, as well as made contributions to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model and served as an editor for IEEE Security & Privacy for several years. His current obsession is building Subgraph, his open source security startup in Montréal.

Comments on this page are now closed.

Comments

Picture of Brady Mathis
Brady Mathis
07/28/2011 9:51am PDT

Great presentation, thanks.