30. September 2013 08:21
So GOTO has been kicked off, with a pretty good crowd for the walkthrough of today's speakers. As always the crowd is a bit slow at first until the first cup of coffee starts to work. It helped a bit when an opera singer went on stage, forcing everybody to ask themselves whether that was really happening or whether they had fallen back asleep.
Today's keynote was by Brian Chess with a talk entitled "There and back again". He did a really good job of making computer security fun and interesting, even for those of us who usually find it quite heavy and dry. Brian's key points were that security really is the responsibility of the developer, and that antivirus software and the like are just band-aids.
To do something about security he made two clear points. Developers need training to recognize and fix security issues. Outside help from experts and code reviews augmented by static analysis are the way to go in order to compile a list of issues to fix.
In regard to system design he also called out minimizing the number of security decisions left to users and developers. It is also important to build in feedback cycles, because the natural feedback cycle is way too long: years often go by, and the feedback then comes in the form of an exploit already happening.