GOTO is a vendor independent international software development conference with more that 90 top speaker and 1300 attendees. The conference cover topics such as .Net, Java, Open Source, Agile, Architecture and Design, Web, Cloud, New Languages and Processes
Vitaly Osipov, TweetSecurity architect at Atlassian and Author of security books
Biography: Vitaly Osipov
Vitaly Osipov, born in Russia, spent the past 14 years working in information security in a number of industries in several European countries and his second home at the other end of the world, in Sydney, Australia. He either has an encyclopedic set of interests or simply suffers from an attention span of a goldfish, he has not decided that yet.
He wrote several books on information security, its offensive and defensive sides, for Syngress/Elsevier.
Vitaly works for Atlassian.
Presentation: TweetSecurity vulnerabilities for grown ups
If you create software and have a reasonable sized customer base, in the next 6 to 12 months you will learn about a security vulnerability in your software. This information will come from outside your company. It would take a form of a customer telling you of a vulnerability they found, a "security researcher"'s report, or (horrors!) a customer having been compromised because of a vulnerability in your software.
The good side here is that your software is popular enough to attract attackers' interest. Congratulations, you are a grown up software vendor! The bad side is everything else.
This talk is about why vulnerabilities occur no matter how hard you try to prevent them, how they occur, and how to deal with them when this happens (the last part is often called product security insident response). There will be examples from a number of sources, including the history of Atlassian.