Software Defects – The Broken Windows of Cyberspace

We are gearing up for a major push of strategic security work, and as part of the backgrounding for one of the areas I will be working on, I spent an hour of my day listening to a 2009 presentation by David Rice, author of “Geekonomics – The Real Cost of Insecure Software”, which I have embedded below. It’s on the long side at around 1 hour, but certainly worth reviewing. If you can spare an eyeball, take the time to watch the presentation, as David’s style is engaging and about as far from “Death by PowerPoint” as you can get.

Geekonomics: The Real Cost of Insecure Software from David Rice on Vimeo.

In typical spooky timing, a reminder about the OWASP NZ Day on July the 7th arrived in my inbox right in the middle of me watching the presentation video.

For those with an interest in security, but who have yet to attend an OWASP event, it’s certainly something I’d recommend (register here) – not only for the opportunity to chat to others in the industry, but for the great line-up of speakers. This year, the event will again be held in Auckland and boasts the following topics:

  • Secure Development: What The OWASP Guide Didn’t Tell You – Blair Strang, Security-Assessment.com
  • I <3 Reporting – Managing Effective Web Application Assessments – Andrew Evans, Kiwibank
  • Testing Mobile Applications – Nick von Dadelszen, Lateral Security
  • Web Crypto for the Developer Who Has Better Things to Do – Adrian Hayes, Security-Assessment.com
  • Concurrency Vulnerabilities – Brett Moore, Insomnia Security
  • A Day in the Life of a WAF – Sam Pickles, F5
  • HTML5 Security – Mike Haworth & Kirk Jackson, Aura Information
  • Security File Uploads are Evil – Kirk Jackson, Aura Information
  • Security Sleeping Easy: Architecting Web Applications Securely – Mark Young, Datacom
  • Real Applications, Real Vulnerabilities, Really Exploited – Quintin Russ, SiteHost

For the developers, there are two 3-hour training courses also being held in parallel with the conference, but with seating limited to 20 participants per session, I’d suggest registering quickly to reserve your spot. More information can be found here.