Kerckhoffs' Legacy: Security and Open Source

David Mirza (Subgraph)
IT Leaders Summit
Location: F 150
Average rating: 3.00 (4 ratings)

Open source is good for security and always has been. This presentation tells the lesser-known history of security and open source, with Kerckhoffs’ principle as a unifying theme. Auguste Kerckhoffs was a 19th-century linguist who had an important realization: obscurity doesn’t provide any real security. I’ll begin with an introduction to his principle and an explanation of its fundamental importance to the field of cryptography.

Kerckhoffs’ big idea is also relevant beyond the theoretical realm of cryptographic algorithms. I will discuss first-hand experiences and observations from my time as the moderator of the Bugtraq mailing list, a sometimes controversial forum where vulnerabilities, exploits, and patches are shared and discussed openly.

I’ll also cover the important contributions of the security research community, the output of which has directly improved security for everyone. Some of the open source tools developed by these researchers first introduced or prototyped ideas that became commercially viable security technologies, including commercial open source successes.

David Mirza

Subgraph

David has been at this for over 10 years. He started his professional career as a founding member of SecurityFocus, which was acquired by Symantec in 2002. During that time he moderated the Bugtraq mailing list, a historically important forum for discussion of security vulnerabilities, for over four years. He has spoken at Black Hat, CanSecWest, AusCERT and numerous other security conferences, and has contributed to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model and served as an editor for IEEE Security & Privacy for several years. His current obsession is building Subgraph, his open source security startup in Montréal.

Comments

Brady Mathis
07/28/2011 9:51am PDT

Great presentation, thanks.