The BCS OSSG is hosting a one-day, multi-session event with security experts examining the current issue of the risks involved in Open Source Software.
This event should be of interest to anyone using Open Source software in a commercial environment.
Open Source is now a board-level risk in all companies on the top 100 list.
Heartbleed: The filing of vulnerable source code by a programmer who would normally work on a globally deployed piece of OS code adopted on the majority of OS Systems. This was filed at a minute to midnight on the last day when a contractor could perform work legally for the Federal government. The end result: every computer updated with the latest version of OpenSSL was subject to a vulnerability. In the wild, this vulnerability has been exploited by several nation states to take ownership of machines regardless of operating system.
The speaker sessions – starting at 10:00am – will be:
- Randy Bush, IETF NOMCOM, trac.cryptech.is/ Trying to make the Internet a bit safe; OS Hardware Security Module [Remotely]
- Adrian Wincles, www.44con.com organiser; “Failed”
- Nick Murison, www.nickmurison.me.uk; software quality management, The Building Security In Maturity Model (BSIMM)
- TBC, “Verifying OS libraries”
- Richard Forno, https://attrition.org/mailman/listinfo/infowarrior, TBC [Remotely]
- David Lacey, www.computerweekly.com/blogs/david_lacey; “What Next”, a panel discussion; Originator of what is now ISO 27001
There will be short breaks between sessions for coffee, and lunch will be provided at 13:00.
The day will close with a summary at 16:30.
The sessions will be held in a general round table format and contributions from attendees are welcome.
The event is free to attend for both BCS members and non-members.