What Diaspora can learn from Microsoft

A presentation for the Blue Hat conference about what the privacy-friendly open source social network Diaspora can learn from Microsoft's experiences in security.

Published in: Technology, Business

  1. What Diaspora* can learn about security from Microsoft. Jon Pincus / @jdp23, http://talesfromthe.net, October 15, 2010
  2. Diaspora*
     • the “privacy-aware, personally-controlled, open-source, do-it-all social network”
     • A Facebook alternative like Appleseed, OneSocialWeb, …
     • founded in May by four NYU students
     • Raised $200K on Kickstarter
     • http://joindiaspora.com
  3. September: first source code release
     • On schedule!
     • Basic functionality in place!
     • Profiles and aspects
     • Status updates
     • Photos
     • Security: umm …
  4. Does it matter?
     • “It’s no worse than most web startups …”
     • Yeah, but:
     • Privacy is key to their value proposition
     • A reputation for insecurity will doom them
     • So while they’ve made the right tradeoff so far, they’ll need to start taking security more seriously
  5. I’m flashing!
     • Remember back in 2001/2002?
     • Gartner advisor about IIS
     • MikeHow’s SQL injection demo to Bill
     • SWI and “the Security Push”
     • Substantial investment and progress since then, although significant challenges remain
  6. What can we learn?
  7. Reach out to the security community
  8. Add security experts to the team
  9. Review the code
  10. Document security properties and do threat modeling
  11. Use the tools (and develop new ones)
  12. Bake security in at every stage of development
  13. Create a security and privacy advisory board.
  14. The longer you wait the tougher it gets
  15. What Diaspora* can learn about security from Microsoft. Jon Pincus / @jdp23, http://talesfromthe.net, October 15, 2010