Embed Size (px)
Citation preview
Builders vs Breakers
Saturday, June 1, 13
Hi, I’m Adam
Saturday, June 1, 13
Hi, I’m Adam@adam_baldwin@liftsecurity@nodesecurity
Saturday, June 1, 13
Hi, I’m Adam@evilpacket
Saturday, June 1, 13
Saturday, June 1, 13
Saturday, June 1, 13
Builders Breakers
Saturday, June 1, 13
Builders Breakers
Saturday, June 1, 13
“Fix your captcha so the value isn't actually hidden in the form. (put it in the session and check the post) Friend of the fritz..”
-Adam
Saturday, June 1, 13
Saturday, June 1, 13
“you guys”
Saturday, June 1, 13
Basecamp ClassicSaturday, June 1, 13
“xss is not a feature”Saturday, June 1, 13
Feelings?
Saturday, June 1, 13
Saturday, June 1, 13
Saturday, June 1, 13
Saturday, June 1, 13
Saturday, June 1, 13
Saturday, June 1, 13
Cooperation
Saturday, June 1, 13
Communication
Saturday, June 1, 13
When we listen, really listen, we reveal respect, support, understanding, empathy... We also possess the power to impart a renewed confidence, clarity, and a sense of everything-is-going-to-be-okay when we listen well.
- Stephanie Maier
http://thepot-luck.com/stephaniemaier/all-you-have-to-do-is-listen/
Saturday, June 1, 13
Basecamp ClassicSaturday, June 1, 13
http://37signals.com/security-responseSaturday, June 1, 13
http://37signals.com/security-responseSaturday, June 1, 13
http://37signals.com/security-responseSaturday, June 1, 13
So what can I doas a developer?
Saturday, June 1, 13
SECURITY.md#How to report issue#Expectations#List of humans
Saturday, June 1, 13
http://emberjs.com/security/
Saturday, June 1, 13
Self Disclosureof
VulnerabilitiesSaturday, June 1, 13
Handling a security failure well can build trust.
Saturday, June 1, 13
A new project based on what we’ve learned
aboutbuilders vs breakers
Saturday, June 1, 13
Node Security ProjectSaturday, June 1, 13
andbang.comSaturday, June 1, 13
Node Security Project?
Saturday, June 1, 13
Adam BraultNathan LaFreniereBearMikeal RogersDaniel Shaw
Major ContributorsNeal PooleLuca CarettoniSteven Rivas JrArlo BreaultJacopo Tarantino
Saturday, June 1, 13
Audit every module
Saturday, June 1, 13
31233modules
Saturday, June 1, 13
Fix the broken things
Saturday, June 1, 13
Report Issues we find
Saturday, June 1, 13
Send Pull Requests
Saturday, June 1, 13
Example: Hubot
Saturday, June 1, 13
Saturday, June 1, 13
Saturday, June 1, 13
Saturday, June 1, 13
Publish the results
Saturday, June 1, 13
Saturday, June 1, 13
How to Contribute
Saturday, June 1, 13
nodesecurity.io
Saturday, June 1, 13
- Respect & understand feelings- Proactively communicate & listen- It’s okay to mess up—it can even build trust
Quick Recap
Saturday, June 1, 13
</PRESENTATION>@adam_baldwin | @LiftSecurity
Saturday, June 1, 13
