The Internet is on fire – don't just stand there, grab a bucket!

The Internet is on fire, and every connected device and user is at risk. How did we get here? By not seeing the dangers ahead, by being lazy and by not understanding the threats we are facing and the consequences of failing at building secure and robust infrastructure. This needs to change, and you need to contribute.

Published in: Technology

  1. DON’T JUST STAND THERE – GRAB A BUCKET THE INTERNET IS ON FIRE
  2. This needs to change, or there is no sustainable, digital future. THE INTERNET IS ON FIRE AND EVERY CONNECTED DEVICE IS AT RISK
  3. I’m calling every developer to pick up the proverbial bucket. And if you deploy any kind of code, that includes you. Yes, you. THIS IS A CALL TO ARMS
  4. | WHERE ARE WE? Our technology is not optional anymore.
  5. | WHERE ARE WE? In the wake of the digitalization of everything and our rapid and greedy adoption of new technology, criminals and spies have followed. The Internet, all our technology and the digitalized society are under constant attack from criminals, spies and in some cases even our own governments. The Internet is “on fire”, and every connected device – and user – is at risk. This is a reality. It’s not up for discussion anymore.
  6. | WHERE ARE WE? We don’t know how many security incidents go undetected, but the very realistic fear is that it may be a vast majority of them. Of the detected incidents only 30 % were detected by the targeted organization themselves. Of these 30 %, a whopping 90 % were detected during exfiltration. The average time of detection of an espionage incident is over 200 days.
  7. | WHERE ARE WE? There are typically at least 10 errors or defects in every 1 000 lines of code. This can typically be reduced to less than 1 error or defect in every 1 000 lines of production code after rigorous testing. Typically, 1 exploitable vulnerability remains per 1 000 000 lines of code. Every year there are several severe and exploitable vulnerabilities in the majority of popular software. The same seems to be true for hardware.
  8. | WHERE ARE WE? And yet, code now runs almost everything, everywhere. There is hardly any aspect of life where we aren’t using modern IT technology. To quote Melissa Hathaway: “We have put every critical system on the backbone of the Internet, but the Internet wasn't ready for it.” The proof is readily available. Every month you hear about major security breaches with big consequences for people, companies and countries.
  9. | WHERE ARE WE? We’ve joined the party without proper protection.
  10. | WHERE ARE WE? The technological foundation of digitalized society is crumbling.
  11. | HOW DID WE GET HERE? By being lazy…
  12. | HOW DID WE GET HERE? By making wrongful assumptions…
  13. | HOW DID WE GET HERE?
  14. | HOW DID WE GET HERE?
  15. | HOW DID WE GET HERE? Conclusion: Only 3 % of all detected security incidents were detected by the targeted organization themselves before it was too late. Background: Badly written, badly deployed and badly configured code are the enablers for a huge part of the avalanche of security incidents we are currently experiencing. Consequence: The vulnerabilities we introduce in code and IT infrastructure are threatening our personal lives, our businesses, our governments and in reality also our societies.
  16. | WHERE ARE WE HEADING? Towards the proverbial, digital cliff…?
  17. | WHERE ARE WE HEADING? You need to be aware of how terrible this technology is. It is not protecting you. This is not the safe version of the future you’ve seen on Star Trek. This is the dirty ugly version of the future. Everything is a bad neighborhood now. – Dr. Paul Vixie
  18. | WHERE ARE WE HEADING? Possibly to a near future where we can’t trust our digital ground.
  19. | HOW CAN WE AVOID THIS? Customer demands. Probably not until it’s “too late”… Industry self-regulation and competition. Few signs of that happening… Laws and regulations. Too little, too late – and probably not the way we’d want it…
  20. | HOW CAN WE AVOID THIS? But we can also do it bottom-up.
  21. | HOW CAN WE AVOID THIS? We can – and should – educate ourselves, and do better.
  22. • Accept that your code will be deployed in ways you never imagined. • Accept that absolutely all code you deploy will be attacked. • Don’t assume that anyone else will mitigate vulnerabilities in your code. • Don’t assume that exploiting your code will only affect your application. • Accept that lives at some point will depend on the robustness of your code. OUR SUSTAINABLE DIGITAL FUTURE STARTS WITH YOU DEPLOYING BETTER CODE
  23. http://iamthecavalry.org/ @iamthecavalry Go pick up a bucket and say after me: I’ll pitch in to fix it, I am the Cavalry! Be the Cavalry. Build more secure and robust systems even if no-one demands it.
  24. We need a better and more sustainable digital future, and the world needs your contribution. SECURITY IS ALL ABOUT SUSTAINABILITY
  25. /presenter$ whoami • Name: Frode Hommedal • Homepage: http://frodehommedal.no/ • Twitter: @FrodeHommedal • LinkedIn: https://no.linkedin.com/in/hommedal
