The BCS OSSG is hosting a one-day, multi-session event with security experts examining the current issue of the risks involved in Open Source Software.
This event should be of interest to anyone using Open Source software in a commercial environment.
The event will be held on 25th September 2014 at BCS HQ – 5 Southampton Street, London, WC2E 7HA from 9:30am to 5:00pm.
Open Source is now a board-level risk in all companies on the top 100 List.
Heartbleed: the filing of vulnerable source code by a programmer who would normally work on a globally deployed piece of OS code adopted on the majority of OS systems. This was filed at a minute to midnight on the last day when a contractor could perform work legally for the Federal government. The end result: every computer updated with the latest version of OpenSSL was subject to a vulnerability. In the wild, this vulnerability has been exploited by several nation states to take ownership of machines regardless of operating system. The defence against bad open source has been little discussed, and this session will bring together security experts to examine whether, in the light of Heartbleed, we are ready and prepared to examine OS risk, with pointers to the Defence Against the Dark Arts.
Timetable
Coffee will be available from 09:30am.
The speaker sessions – starting at 10:00am – will be:
- Randy Bush, IETF NOMCOM, trac.cryptech.is – Trying to make the Internet a bit safe; OS Hardware Security Module [Remotely]
- Adrian M – Event Director & Co-Founder of 44CON (part of Sense/Net Events) www.44con.com.
- Nick Murison, www.nickmurison.me.uk – Software quality management, The Building Security In Maturity Model (BSIMM)
- TBC, “Verifying OS libraries”
- Richard Forno, https://attrition.org/mailman/listinfo/infowarrior – TBC [Remotely]
- David Lacey, www.computerweekly.com/blogs/david_lacey – “What Next”, a panel discussion; originator of what is now ISO 27001
There will be short breaks between sessions for coffee, and lunch will be provided at 13:00.
The day will close with a summary at 16:30.
The sessions will be held in a general round table format and contributions from attendees are welcome.
The event is free to attend for both BCS Members and non-members.
Booking is required. Booking closes at midnight on 24th September.
Randy Bush's slides are now available here: http://ossg.bcs.org/wp-content/uploads/140925.cryptech-bcs.pdf