What Diaspora can learn from Microsoft

A presentation for the Blue Hat conference about what the privacy-friendly open source social network Diaspora can learn from Microsoft's experiences in security.

Published in: Technology, Business

  1. What Diaspora* can learn about security from Microsoft. Jon Pincus / @jdp23, http://talesfromthe.net, October 15, 2010
  2. Diaspora*
     • the “privacy-aware, personally-controlled, open-source, do-it-all social network”
     • A Facebook alternative like Appleseed, OneSocialWeb, …
     • founded in May by four NYU students
     • Raised $200K on Kickstarter
     • http://joindiaspora.com
  3. September: first source code release
     • On schedule!
     • Basic functionality in place!
     • Profiles and aspects
     • Status updates
     • Photos
     • Security: umm …
  4. Does it matter?
     • “It’s no worse than most web startups …”
     • Yeah, but:
     • Privacy is key to their value proposition
     • A reputation for insecurity will doom them
     • So while they’ve made the right tradeoff so far, they’ll need to start taking security more seriously
  5. I’m flashing!
     • Remember back in 2001/2002?
     • Gartner advisor about IIS
     • MikeHow’s SQL injection demo to Bill
     • SWI and “the Security Push”
     • Substantial investment and progress since then, although significant challenges remain
  6. What can we learn?
  7. Reach out to the security community
  8. Add security experts to the team
  9. Review the code
  10. Document security properties and do threat modeling
  11. Use the tools (and develop new ones)
  12. Bake security in at every stage of development
  13. Create a security and privacy advisory board.
  14. The longer you wait the tougher it gets
  15. What Diaspora* can learn about security from Microsoft. Jon Pincus / @jdp23, http://talesfromthe.net, October 15, 2010