@pati_gallardo
Make it Fixable
Living with Risk
Patricia Aas
CppCon 2018

Patricia Aas - Consultant
Programmer, Application Security
Currently : T S
Previously : Vivaldi, Cisco Systems, Knowit, Opera Software
Master in Computer Science - main language Java
Pronouns: she/her
Security is Hard
Just Remember :
- You live in the real world
- Take one step at a time
- Make a Plan
You Need A Security “Hotline”
security@example.com
Symbiotic relationship
Be polite
Be grateful
Be professional
Be efficient and transparent
- What is a System?
- What is a vulnerability?
Outline
1. Unable to Roll Out Fixes
2. No Control over Dependencies
3. The Team is Gone
4. It’s in Our Code
5. My Boss Made Me Do It
6. User Experience of Security
1. Unable to Roll Out Fixes
Unable to Roll out Fixes
Unable to Update
Unable to Build
Internet of Things
Toys: My Friend Cayla, i-Que Intelligent Robots, Hello Barbie
Mirai: Botnets created with IOT devices, users don’t update
“Shelfware”
No Maintenance contract
Abandonware
Closed source - no way to fix/fork
Fix : Ship It!
Internet of Things
- Auto-update
- Different default passwords
- Unboxing security (make the user change the password)
“Shelfware”
- Get maintenance contract
- Change supplier
- Do in-house
- Use only Open Source Software
Fix : Ship It!
Holy Grail : Continuous Deployment and Auto Update
- A Build Environment
- Update Mechanism
Exceptions?
Some systems should not be “fixed”
A major election software maker allowed remote access on its systems for years
2. No Control over Dependencies
No Control over Dependencies
No inventory
No update routines
No auditing
Equifax Breach
Known vulnerability in Apache Struts 2
Heartbleed
Bug in openssl
Left-Pad
Developer unpublished a mini-Js library
Fix: Control It!
Equifax Breach
Continuous Dependency Auditing
Heartbleed
Control over production environment
Left-Pad
Remove unnecessary dependencies
Fix: Control It!
Goal : Largely Automated Dependency Monitoring
Remember transitive dependencies
Monitor and Update
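As an added example (not from the talk or its slides), a minimal transitive dependency audit in Python: it walks a constructed lock graph from the root package, collects everything that package pulls in directly or indirectly, and compares each installed version against a constructed advisory list, reporting the dependency path that brought the package in. All package names, versions and advisory data are made up for the example.

```python
from collections import deque

# Constructed sample lock graph (not a real project): package -> (installed version, direct deps)
LOCK = {
    "app":           ("1.0.0", ["web-framework", "string-utils"]),
    "web-framework": ("2.3.31", ["xml-parser"]),
    "xml-parser":    ("1.4.2", []),
    "string-utils":  ("0.3.0", ["pad-left"]),
    "pad-left":      ("1.1.3", []),
}

# Constructed advisory feed: package -> first version that contains the fix
ADVISORIES = {
    "xml-parser":   "1.5.0",   # installed 1.4.2 is older than the fix: vulnerable
    "pad-left":     "2.0.0",   # installed 1.1.3: vulnerable
    "string-utils": "0.2.0",   # installed 0.3.0 already carries the fix: not flagged
}

def parse_version(v):
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple of ints."""
    return tuple(int(part) for part in v.split("."))

def transitive_closure(root, lock=LOCK):
    """Return {package: (version, path)} for every package root pulls in,
    directly or transitively, with the dependency path that brings it in."""
    seen = {root: (lock[root][0], [root])}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in lock[pkg][1]:
            if dep not in seen:               # first path wins; cycles terminate here
                seen[dep] = (lock[dep][0], seen[pkg][1] + [dep])
                queue.append(dep)
    return seen

def audit(root, advisories=ADVISORIES, lock=LOCK):
    """Flag every reachable package whose installed version predates the fix."""
    findings = []
    for pkg, (version, path) in transitive_closure(root, lock).items():
        fixed_in = advisories.get(pkg)
        if fixed_in and parse_version(version) < parse_version(fixed_in):
            findings.append({"package": pkg, "installed": version,
                             "fixed_in": fixed_in, "path": " -> ".join(path)})
    return sorted(findings, key=lambda f: f["package"])

if __name__ == "__main__":
    for f in audit("app"):
        print(f"{f['package']} {f['installed']} < {f['fixed_in']} via {f['path']}")
```

The path in each finding is what makes a transitive hit actionable: the fix is to bump or replace the direct dependency that pulls the vulnerable package in, not just the package itself.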
3. The Team is Gone
The Team Is Gone
- Team were consultants
- They were downsized
- The job was outsourced
- “Bus factor”
- “Binary blob”
- Abandonware
Fix : Own It!
Goal : Complete Build Environment
Fork it, own it
Use It!
4. It’s in Our Code
It’s in Our Code
Congratulations!
This is Actually the BEST CASE SCENARIO
Keeper Password Manager
- Reporter: Tavis Ormandy (@taviso)
- “allowing any website to steal any password”
- Browser plugin preinstalled on Windows
- Badly handled report: Sues news reporter Dan Goodin
Fix : Live It!
gitlab.com
- “rm -rf”
- Sysadmin maintenance
- Cascading errors as backups fail
- All logged Publicly in real time
Transparency Breeds Trust
That is how you recover
Fix : Live It!
Goal : Prevent & Cure
Prevention is great, but the Cure is to Ship
5. My Boss Made Me Do It
My Boss Made Me Do It
The Feature is the Bug
How?
- Security Problem
- Privacy Problem
- Unethical
- Illegal
Capcom's Street Fighter V
- Installed a driver
- “anti-crack solution”
“...disables supervisor-mode execution protection and then runs the arbitrary code passed in through the ioctl buffer with kernel permissions..”
- Reddit user extrwi
KrebsOnSecurity: "For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records"
Fix : Protect It!
Goal : Protect your user
Prevent : Protect your team
- Workers rights
- Team can diffuse blame
Cure : Protect your company
- Find a Powerful Ally
- Do Risk Analysis : Brand Reputation, Trust
- Use the Law
LAST RESORT : Whistleblowing & Quitting
Fix : Protect It!
Google: DragonFly
- "A plan to launch a censored search engine in China"
- Employee authors a memo
- Internal protests
Maersk: NotPetya
- Ransomware spreads globally, insufficient network segmentation
- “IT executives had pushed for a preemptive security redesign”
These are often the Unsung Heroes
(Last Resort : Edward Snowden)
Ship It, Control It, Own It, Live It & Protect It
Recap
- You need a Security Hotline
- You Have to Ship
6. Designing the User Experience of Security
The Users Won’t Read
Error blindness
“Just click next”
“Make it go away”
Fix : Less is More
Don’t leave it to the user
Have good defaults
Be very explicit when needed
They Trust You
With Personal Information
With Data
With Money
Fix : Be Trustworthy
Only store what you have to
Back up everything
Use third party payment
Be loyal to your end user
Ship It, Control It, Own It, Live It & Protect It
Design For It
Patricia Aas, T S
