Bad Version of Builders vs. Breakers

Here is an example of what a presentation shouldn't look like.

Brett Hardin

October 26, 2012

Transcript

  1. BIOs of DOOOOOOOOOOOOOM! Builder Jon "Dext" Rose Qualifications: • Built Paypal in 2 hours. • 247 code pushes to open source projects. Breaker Matt "Ana" Konda Qualifications: • Broke into CIA when 12. • Deleted the arrest record when 16.
  2. BIOs of DOOOOOOOOOOOOOOM! Moderator Brett "Broken" Hardin Qualifications: • Board Game Junky • Entrepreneur • The Original "Fixer" • Chico Stoplight King
  3. History BSidesChicago 2011 BSidesChicago 2012 Defcon SkyTalk 2012 Thanks to: @secbarbie, @securitymoey, @elimmartin, @claudij, @dschlieffer, @miscsecurity Also: @curphey, @joshcorman, (others)
  4. Format Debate a question – a few minutes each 1-2 Audience members provides input Audience Votes Loser Drinks Repeat
  5. Breaker “….developers will never learn, never improve because they are repeating the same mistakes over and over again” – Breaker on Twitter
  6. Builder “…only good at ranting. Zero contribs, and almost zero constructive feedbacks but bashing” – Developer reply
  7. Breaker “If you are a developer and don’t know who OWASP is at this point, it’s because you’ve chosen not to.” – Breaker’s Tweet
  8. Builder “Problem. Infosec pros, pentesters etc. are more interested in #appsec than programmers. How to change that? < will not change” – Builder’s Tweet
  9. Breaker “… the developer who did this should be taken out into the street and beaten …” – Breaker at Thotcon
  10. We don’t really feel this way… • Take a hard stance on both sides in an attempt to elicit your participation • Get everyone to come to the same conclusion that the current model is broken • Generate conversation on how we can make it better
  11. Do the current models work? Do you think security issues are getting fixed faster or slower than 5 years ago? Do you think there is more/less awareness into security issues? Do you think more/less security issues are being introduced?