Luke O’Malley is the co-founder of r2c, a company profoundly improving software security and reliability. As its Head of Product he works with the world’s leading developers to improve their build tooling and development practices. Previously he led developer tools teams at Palantir, wrote software to support counter-terrorism efforts, and researched propulsion systems for deep-space exploration. Luke is an angel investor in the dev tools and security space. He received his BS degree in Electrical Engineering and Computer Science from MIT. His other interests include beekeeping, adventure motorcycling, and typography.

Eradicating Vulnerability Classes by Embracing Secure Defaults and Invariants

There is a significant shift under way in how security teams operate and prioritize their limited budget and person-time. Rather than investing in finding more bugs, some teams are instead building frameworks and services with secure defaults so that developers can build features quickly and securely. By combining secure defaults with lightweight checks that enforce invariants (properties that must always hold, such as "every database query goes through the parameterized wrapper"), organizations can eliminate entire classes of vulnerabilities instead of fixing instances one at a time.

In this talk, we present a practical methodology for how to:

  • choose what to focus your AppSec resources on
  • combine secure defaults + lightweight invariant enforcement to eradicate entire vulnerability classes
  • integrate continuous code scanning into CI/CD in a way that is fast, high-signal, and low-friction for developers
  • use an open source, lightweight security tool to find bugs and anti-patterns specific to your organization
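
The secure-default-plus-invariant pattern, as an added illustration that is not code from the talk or from r2c's tooling: a small database wrapper whose API cannot express string-built SQL (the secure default), paired with a Semgrep-style check written directly against Python's `ast` module that fails CI when application code either bypasses the wrapper or feeds it SQL assembled at runtime (the invariant). The `SafeDB` class, the rule names and the sample application source are all hypothetical and constructed for this example.

```python
"""Secure default + invariant check (hypothetical example code).

The secure default is a tiny database wrapper whose only query method takes
parameters separately from the SQL text. The invariant is "application code
never builds SQL from runtime strings and never bypasses the wrapper",
enforced by a small AST-based scanner meant to run in CI.
"""
import ast
import sqlite3
from dataclasses import dataclass


# ---- Secure default: the only sanctioned way to talk to the database -------
class SafeDB:
    """Wrapper around sqlite3 whose API separates SQL text from values.

    The driver binds the parameters, so user input never becomes part of
    the statement. This class is the one place allowed to call execute().
    """

    def __init__(self, conn: sqlite3.Connection) -> None:
        self._conn = conn

    def query(self, sql: str, params: tuple = ()) -> list[tuple]:
        return self._conn.execute(sql, params).fetchall()


def demo_query(name: str) -> list[tuple]:
    """Run the secure default against an in-memory table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    # A payload such as "' OR 1=1 --" is bound as a literal value and matches nothing.
    return SafeDB(conn).query("SELECT id FROM users WHERE name = ?", (name,))


# ---- Invariant check: a lightweight, Semgrep-style rule in plain Python ----
@dataclass
class Finding:
    line: int
    rule: str
    message: str


ALLOWED_EXECUTE_SCOPE = "SafeDB"   # class whose methods may call execute()
WRAPPER_METHOD = "query"           # the secure-default entry point


def _is_dynamic_sql(node: ast.expr) -> bool:
    """True when an expression builds a string at runtime (f-string, +, %, .format)."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) \
            and node.func.attr == "format":
        return True
    return False


class InvariantChecker(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []
        self._class_stack: list[str] = []

    def visit_ClassDef(self, node: ast.ClassDef) -> None:
        self._class_stack.append(node.name)
        self.generic_visit(node)
        self._class_stack.pop()

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        if isinstance(func, ast.Attribute):
            # Rule 1: a raw execute*() outside the wrapper bypasses the secure default.
            if func.attr in ("execute", "executemany", "executescript") and \
                    ALLOWED_EXECUTE_SCOPE not in self._class_stack:
                self.findings.append(Finding(node.lineno, "raw-execute",
                    f"{func.attr}() called outside {ALLOWED_EXECUTE_SCOPE}; use SafeDB.query()"))
            # Rule 2: calling the wrapper with runtime-built SQL defeats parameterization.
            if func.attr == WRAPPER_METHOD and node.args and _is_dynamic_sql(node.args[0]):
                self.findings.append(Finding(node.lineno, "dynamic-sql",
                    "SQL text is built at runtime; pass values via the params tuple"))
        self.generic_visit(node)


def check_source(source: str) -> list[Finding]:
    """Parse one Python file and return every invariant violation, in line order."""
    checker = InvariantChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f.line)


# ---- Constructed sample of application code, as CI would see it -----------
SAMPLE_APP = '''\
def ok(db, user_id):
    return db.query("SELECT name FROM users WHERE id = ?", (user_id,))

def bad_fstring(db, name):
    return db.query(f"SELECT * FROM users WHERE name = '{name}'")

def bad_bypass(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = '" + name + "'")
'''

if __name__ == "__main__":
    for f in check_source(SAMPLE_APP):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

The point of the split is that neither half is sufficient on its own: the wrapper makes the safe path the easy path, and the check (which is syntactic, so it runs in seconds and produces almost no false positives) guarantees nobody quietly steps off it. Wiring `check_source` over every changed file in CI, and treating any finding as a failed build, is what turns "we use parameterized queries" from a guideline into an invariant.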

We’ll also share open source rules we created that found a number of CVEs in popular open source repositories.

Schedule : September 25, 2020 - 09:45 AM