15. It doesn’t matter why it’s hard.
Just matters that it is.
Human factors matter.
16. “Doctors are gentlemen, and
gentlemen’s hands are clean”
From the great debates regarding the Germ Theory of Medicine
You really don’t want to know about the history of Anesthesia.
17. Germ Theory: How does it spread,
what keeps it sterile?
==
Well Defined Interfaces
Known Good State
PRACTICAL
PRACTICAL
PRACTICAL
18. They measured. They monitored.
They learned. They rebooted.
Those white coats? Symbolic.
19. Infosec did not invent “Snake Oil”
We used to take actual snakes, and
press them into actual oil.
20. ACTUAL CHINESE SNAKE OIL WORKS
Snakes are expensive…
Nobody could tell the difference…
Didn’t yet have the analytical chem…
AWKWARD HYPERMETAPHORICAL HISTORY IS AWKWARD
21. “Modeling How Students Learn to
Program”
If you don’t learn it in week 2, you’re
going to fail in week 7.
{piech, sahami, koller, coopers}@cs.stanford.edu, paulob@stanford.edu
36. It’s not just security.
Other fields are easier to measure.
We have to fight harder.
37. Hacker Latency is a problem.
We can’t keep taking years to find
things.
38. “NIH for Cyber” ==
Volunteer Firefighting is cool, but we
don’t have the guy who fights cancer
Nerds, stable funding, a mandate to measure and repair this Internet
45. So let’s.
JFE: Jump to Full Encryption
# ./jfe -D
There: all services, all ports, valid cert. If a client wants working encryption it’s
there, system-wide.
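The one-liner on the slide stands in for a whole system, so here is the core move spelled out on a single port. This is an added illustration, not the jfe tool's own code: a front that peeks at a client's first bytes, terminates TLS with the host's certificate when the client opened with a ClientHello, and otherwise passes plaintext through untouched, so a client that wants encryption gets it and a client that does not keeps working. The certificate paths, the port numbers, and the function names are assumptions of this example; jfe applies the idea to every listening service at once.

```python
"""Opportunistic TLS front for one existing plaintext service.

Added example (not part of jfe). Assumptions: the original service was moved
to 127.0.0.1:8080, this front now owns the public port, and the host's
certificate chain and key live at the paths given in __main__.
"""
import select
import socket
import ssl
import sys
import threading

# A TLS record begins with a content-type byte; 0x16 is "handshake", which is
# what a ClientHello is. The next byte is the record-layer major version, 0x03
# for every TLS version. Plaintext protocols (HTTP, Redis, ...) open with
# printable ASCII, so two bytes are enough to tell the cases apart.
TLS_HANDSHAKE_RECORD = 0x16
TLS_MAJOR_VERSION = 0x03


def wants_tls(first_bytes: bytes) -> bool:
    """True when a client's opening bytes look like a TLS ClientHello."""
    return (len(first_bytes) >= 2
            and first_bytes[0] == TLS_HANDSHAKE_RECORD
            and first_bytes[1] == TLS_MAJOR_VERSION)


def make_server_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Server-side context loaded with a real certificate chain (assumed paths)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def bridge(a: socket.socket, b: socket.socket) -> None:
    """Copy bytes both ways until either side hits EOF or errors."""
    peer = {a: b, b: a}
    while True:
        # An SSLSocket may hold decrypted bytes that select() cannot see;
        # drain those first or the bridge can stall waiting for new packets.
        ready = [s for s in peer if isinstance(s, ssl.SSLSocket) and s.pending()]
        if not ready:
            ready, _, _ = select.select(list(peer), [], [])
        for src in ready:
            try:
                chunk = src.recv(65536)
            except (OSError, ssl.SSLError):
                chunk = b""
            if not chunk:
                return
            peer[src].sendall(chunk)


def handle_client(client: socket.socket, backend_port: int, ctx: ssl.SSLContext) -> None:
    """Terminate TLS if the client offered it, then bridge to the plaintext backend."""
    try:
        # MSG_PEEK leaves the bytes queued, so the TLS handshake (or the
        # plaintext protocol) still sees them after the decision is made.
        head = client.recv(2, socket.MSG_PEEK)
        if wants_tls(head):
            client = ctx.wrap_socket(client, server_side=True)
        backend = socket.create_connection(("127.0.0.1", backend_port))
    except (OSError, ssl.SSLError):
        client.close()
        return
    try:
        bridge(client, backend)
    finally:
        client.close()
        backend.close()


def serve(listen_port: int, backend_port: int, ctx: ssl.SSLContext) -> None:
    """Accept loop: one thread per connection, TLS-or-plaintext decided per client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", listen_port))
    srv.listen(128)
    while True:
        client, _addr = srv.accept()
        threading.Thread(target=handle_client, args=(client, backend_port, ctx),
                         daemon=True).start()


if __name__ == "__main__":
    # Assumed deployment: public port from argv (default 80), backend on 8080.
    context = make_server_context("/etc/ssl/certs/host.pem", "/etc/ssl/private/host.key")
    serve(int(sys.argv[1]) if len(sys.argv) > 1 else 80, 8080, context)
```

Two caveats a practitioner would want before running this in front of anything. The peek blocks until the client speaks, so it only fits client-speaks-first protocols (HTTP, Redis and the like); a protocol where the server sends a banner first (SMTP, SSH) needs a different approach. And the plaintext fall-through is the point of "if a client wants working encryption", but it also means a client that can be talked out of TLS still gets plaintext; the front makes encryption available, it does not enforce it, and enforcement is a separate policy decision per service.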
64. If we can’t trust the cloud, we should
dramatically improve isolation.
If we can trust the cloud, we should
dramatically adopt its isolation. It’s
way better than ours.
65. Clouds are not JBOS. They’re
services with authenticated
semantics.
Isolation becomes someone else’s problem
Amazon is better at running servers than you are, for all values of “you” in this room.
66. Ratelocking: Rate Limiting w/
Serverless Cloud Assets.
$20 in the cash register, not all
corporate earnings.
3 logins every 10 seconds. Not 500M
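Ratelocking as the slide frames it: the gate lives in a serverless function in front of the login service, so the app server itself never has the throughput to drain the whole user base even when it is compromised. The Python below is an added example, not code from the talk: a sliding-window limiter enforcing the slide's "3 logins every 10 seconds" per account-and-source key, written as a handler that decides before a request is forwarded. The in-memory dict stands in for whatever managed key-value store a serverless deployment would use; the event shape, the key format and the function names are assumptions of the example.

```python
"""Sliding-window login rate limiter in the style of a serverless front gate.

Added example (not from the talk). Assumptions: the request arrives as a dict
with "username" and "source_ip", and the shared store is modelled by an
in-memory dict; a real deployment replaces that with a managed store because
serverless instances do not share memory.
"""
import time
from collections import deque

# The slide's policy: 3 login attempts per 10 seconds, per key.
MAX_ATTEMPTS = 3
WINDOW_SECONDS = 10.0


class SlidingWindowLimiter:
    """Counts timestamps per key; anything older than the window is dropped."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock          # injectable so the behaviour can be tested deterministically
        self._hits = {}             # key -> deque of attempt timestamps (stand-in for a shared store)

    def allow(self, key: str) -> bool:
        """Record an attempt and return True if it is within budget."""
        now = self.clock()
        q = self._hits.setdefault(key, deque())
        while q and now - q[0] >= self.window:   # expire attempts that left the window
            q.popleft()
        if len(q) >= self.max_attempts:
            return False                           # budget spent: do not record, do not forward
        q.append(now)
        return True


def login_gate(event: dict, limiter: SlidingWindowLimiter) -> dict:
    """Serverless-style handler: decide before the request reaches the login server.

    The key combines account and source so one noisy client cannot lock a
    user out on its own, while one source cannot spray attempts across
    many accounts unmetered (see the usage note for the trade-off).
    """
    key = f"{event['username']}|{event['source_ip']}"
    if not limiter.allow(key):
        return {"status": 429, "retry_after": int(limiter.window)}
    return {"status": 200, "forward": True}


def demo() -> list:
    """Replay six attempts with a fake clock; returns the status codes in order."""
    now = [0.0]
    limiter = SlidingWindowLimiter(clock=lambda: now[0])
    event = {"username": "alice", "source_ip": "198.51.100.7"}   # constructed sample request
    statuses = []
    for _ in range(5):                     # t = 0, 1, 2, 3, 4 seconds
        statuses.append(login_gate(event, limiter)["status"])
        now[0] += 1.0
    now[0] = 10.5                           # the t=0 attempt has aged out of the window
    statuses.append(login_gate(event, limiter)["status"])
    return statuses                         # [200, 200, 200, 429, 429, 200]


if __name__ == "__main__":
    print(demo())
```

The choice of key is where the security thinking lives. Keying on account alone lets anyone lock a user out with three bad guesses; keying on source alone lets one client walk a password list across many accounts and lets a botnet split the budget across addresses. The combined key above is a middle ground, and a real gate usually layers a per-account ceiling on top of it. The shared store matters too: each serverless instance has its own memory, so the window state must sit in a store all instances read and write, otherwise the limit silently multiplies by the number of instances.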
67. Let the cloud make your server
getting compromised a
survivable event.
68. The APIs make it hard, so it hasn’t
been getting done.
Let’s make it easy.
71. The value prop of Open Source:
It is easier to find a solution on
GitHub, than from the team down
the hall. Or your own team last year.
None of us have unique problems.
72. We have to fix this.
We can fix this.
Whatever you can do, you can make
a difference here.
Let’s #MakeSecurityEasy.
dan@doxpara.com or @dakami
I’m running hackathons, and gauging interest.