Niche expert tracks and focus discussions can be hard to find but they keep me coming back to the massive RSA Conference. Surprise highlights this year are ForAllSecure’s FuzzCon and NCCoE’s discussion on Secure Software Development Frameworks.
Here are two quick takes you might appreciate:
Richard Johnson @richinseattle showed a fuzzer playing Super Mario better than most people ever did. His keynote “Lightning in a Bottle - 25 Years of Fuzzing” is well worth a browse. Subject matter experts on fuzzing were united on the claim: ‘fuzzing pays for itself’. They were also unanimous about the current state of practice: fuzzing just isn’t approachable for many developers. I’m optimistic this loose-knit group of kindred spirits in fuzzing will help create a path forward and democratize ‘Lightning in a Bottle’ for everyone.
Steve Lipner @safecode applauded recent efforts from BSA, NIST and SAFECode to elevate and evangelize Secure Software Development Frameworks. I know what you are thinking… the highlight was NOT wading through yet another dense security framework document. The magic was the discussion with security leaders from Adobe, Atlassian and Microsoft sharing pro-tips on how they implement secure development practices.
Discussion of secure development practices is exactly what is planned for Mike Lemley’s PI World DevCon presentation on Thursday at 3PM. Let’s face it, you know you are curious about how the sausage is made (we get your questions all the time). Come get the scoop at DevCon. Mike will be sharing our pro-tips from a decade of SDL at OSIsoft. Plus, PI World is a lot more fun than wading through lengthy guidance documents!