What Diaspora can learn from Microsoft
A presentation for the Blue Hat conference about what the privacy-friendly open source social network Diaspora can learn from Microsoft's experiences in security.

Usage Rights

CC Attribution License

Presentation Transcript

  • What Diaspora* can learn about security from Microsoft Jon Pincus / @jdp23 http://talesfromthe.net October 15, 2010
    • Diaspora*
    • the “privacy-aware, personally-controlled, open-source, do-it-all social network”
    • A Facebook alternative like Appleseed, OneSocialWeb, …
    • founded in May by four NYU students
    • Raised $200K on Kickstarter
    • http://joindiaspora.com
  • September: first source code release
    • On schedule!
    • Basic functionality in place!
    • Profiles and aspects
    • Status updates
    • Photos
    • Security: umm …
  • Does it matter?
    • “It’s no worse than most web startups …”
    • Yeah, but:
    • Privacy is key to their value proposition
    • A reputation for insecurity will doom them
    • So while they’ve made the right tradeoff so far, they’ll need to start taking security more seriously
  • I’m flashing!
    • Remember back in 2001/2002?
    • Gartner advisor about IIS
    • MikeHow’s SQL injection demo to Bill
    • SWI and “the Security Push”
    • Substantial investment and progress since then, although significant challenges remain
    • What can we learn?
    • Reach out to the security community
    • Add security experts to the team
    • Review the code
    • Document security properties and do threat modeling
    • Use the tools (and develop new ones)
    • Bake security in at every stage of development
    • Create a security and privacy advisory board.
    • The longer you wait, the tougher it gets