ICATIONS, BY DESIGN will start at 1:00 – Jessica Payne “Bugs and exploits are not the main issue in most breaches, operational issues and technical debt are.” "Your attacker thinks like my attacker: A common threat model to create better defense"
– Adam Shostack “If you don’t have a clear answer to the question, ‘What’s your threat model?’ it can lead to inconsistency and wasted effort.” Threat Modeling: Designing for Security
– George Box “Essentially, all models are wrong, but some are useful.” “Robustness in the strategy of scientific model building”
– Lesley Carhart “Regularly rethink your threat model. Know your threat model and that of your family before making any security decision.” https://twitter.com/hacks4pancakes/status/917952052667604993
– Matthew Green “The hard step in finding a catastrophic random number generator flaw is learning that something has its own RNG.” https://twitter.com/matthew_d_green/status/919559836194496512
– Matt Blaze “Like almost all password rules, some twit made it up because it seemed like a good idea.” https://twitter.com/mattblaze/status/919920915181383681
– Quinn Norton “Putting a sticker on your webcam doesn’t protect you if your keystrokes are being captured, mail plundered, pwd locker taken, etc. etc.… It's an internet rabbit’s foot and doesn't belong in an actual security narrative.” https://twitter.com/quinnnorton/status/921861070288969728
– Allison Miller “I don't think humans are the problem, the problem is that humans are the target. We can rely on tech to protect the tech, but a lot of the attacks that we see are really bad human behavior that's attacking other human behavior…. So looking for more human solutions to those problems is the way to go.” https://www.scmagazineuk.com/news-feature-google-security-interview-human-solutions--the-way-to-go/article/701976/
– Allison Miller “…anywhere that humans are using your system or have choices to make impacts the security of the system. How can you design those choices, experiences, in a way that makes it really easy for them to be successful? And more difficult for them to make honest human mistakes?” https://www.scmagazineuk.com/news-feature-google-security-interview-human-solutions--the-way-to-go/article/701976/
– Katie Moussouris “Bug bounties can be effective if applied thoughtfully in a mature organization. The majority of organizations lack basic security hygiene & can't keep up, though.” https://twitter.com/k8em0/status/925587516991959040
– Tony Arcieri “Programming in C means you are using an unsafe memory model 100% of the time. It is the programming equivalent of trying to walk a tightrope over a lake full of alligators while trying to avoid getting electrocuted by dangling power lines. The slightest mistake in your arithmetic at any one place in the code can be the difference between a perfectly safe program and remote code execution.” https://tonyarcieri.com/it-s-time-for-a-memory-safety-intervention
– Johnny Appleseed “Type a quote here.” https://twitter.com/chrisrohlf/status/925846092184477698
– Zeynep Tufekci “We’re building a dystopia just to make people click on ads.” https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dystopia_just_to_make_people_click_on_ads
– Donald MacKenzie “Over 90 percent of these [1100] deaths were caused by faulty human-computer interaction (often the result of poorly designed user interfaces or of organizational failings as much as of mistakes by individuals). …software ‘bugs’ caused no more than 3 percent, or thirty, deaths…” Mechanizing Proof: Computing, Risk, and Trust (2003), p. 300
“It has been estimated that 70 to 90% of the safety-related decisions in an engineering project are made during the early concept development stage. When hazard analyses are not performed, are done only after the fact…, or are performed but the information is never integrated into the system design environment, they can have no effect on these decisions and the safety effort reduces to a cosmetic and perfunctory role.” – Nancy G. Leveson, The Role of Software in Spacecraft Accidents