Home Conference Sessions Code as Risk

Code as Risk

Kevlin Henney | GOTO Amsterdam 2017

Share on:
linkedin facebook
Copied!

Transcript

What is risk? Many people aren't sure, but it's not just uncertainty: risk is exposure to uncertainty.

Instead of just plastering over the cracks, security should also involve reducing the size and number of cracks, reducing the opportunities for cracks to appear, reducing the class of errors and oversights that can open a system to failure instigated from the outside. We can learn a lot from other kinds of software failure, because every failure unrelated to security can be easily reframed as a security-failure opportunity.

This is not a talk about access control models, authentication, encryption standards, firewalls, etc. This is a talk about reducing risk that lives in the code and the assumptions of architecture, reducing the risk in development practices and in the blind spot of development practices.

About the speakers

Kevlin Henney
Kevlin Henney

Independent consultant, speaker, writer and trainer