DEVELOPERS AS A MALWARE DISTRIBUTION VEHICLE



A malicious Xcode injected malware into thousands of apps, stealing the data of millions of users. Tokens committed to a GitHub repo exposed millions of Uber drivers and passengers. A phished developer gave the Syrian Electronic Army access to the Financial Times’ site.

What do all of these have in common? They were caused by developers. Well-intentioned, smart and experienced developers. They had nothing to do with writing insecure code, and everything to do with the incredible access we’re entrusted with, ranging from code that reaches millions to direct access to these users’ data.

In the name of DevOps, we’ve made developers incredibly powerful – but when does such access become an unacceptable risk? Are there architectures and processes that let us move fast without exposing the keys to the kingdom? Can our culture be trusting and agile yet have a healthy appreciation of risk?

Besides building a sober appreciation of this risk, this talk will help equip us to handle it. We’ll learn risk management from role models inside and outside of tech, understand cognitive biases, and build the case that good security constraints can actually help us move faster. Lastly, we’ll share a vision of where we may be headed, and how we can protect ourselves – and our users.

EVENT: Node Summit 2018

SPEAKER: Guy Podjarny

PERMISSIONS: Node Summit Organizer provided Coding Tech with the permission to publish this video.

https://www.youtube.com/watch?v=6Ex8nrng4Ps
