The Road to Mordor: Information Security Issues and Your Open Source Project

Wednesday, December 7, 2016 - 4:45pm-5:30pm

Amye Scavarda, Red Hat


From time to time, communities will run across information security incidents. In the course of project expansion, it always seems like a good idea to wake up a new instance of Something_With_A_Database and not write down the credentials or think very clearly about what the permissions are on that new instance. If you're involved in open source for any length of time, you're going to discover a hack at some point in time. However, the Lord of the Rings is a great model for being able to deal with your information security issues.

I'll cover:

  • The forging of the ring: or how this stuff happens in the first place
  • How Gollum became corrupted: what happens when you don't work in a timely manner to resolve these things
  • The cast of characters: someone on your team is going to be Gandalf. You might not always have a ranger who comes out of the shadows and saves you
  • The journey to Rivendell: what effective discovery on an information security issue looks like
  • The council of Elrond: what to do after you've gone through discovery and now you need input
  • The mines of Moria: what happens when you don't do a thorough discovery, and/or information comes to light that should not have been forgotten
  • Getting waylaid on the road: challenges within the team and balancing out different needs around disclosure and resolution
  • Good grief, Boromir: Someone who has different ideas even after the Council of Elrond
  • Actually getting the ring to Mordor: Resolution/launch, disclosure
  • Going back and cleaning up the shire: Making sure you're in a better place at the end

LISA16 Open Access Sponsored by Bloomberg


@conference {201498,
author = {Amye Scavarda},
title = {The Road to Mordor: Information Security Issues and Your Open Source Project},
year = {2016},
address = {Boston, MA},
publisher = {USENIX Association},
month = dec
}
