Unconference: Software Security & Risk Management

From the same track

Session

Why Governance Matters: The Key to Reducing Risk Without Slowing Down

Tuesday Mar 17 / 10:35AM GMT

When you hear “governance,” you might think of red tape, bureaucracy, or someone telling you what you can’t do. But real governance is about alignment and reducing technical risk. And that matters more than ever.

Sarah Wells

Independent Consultant and Author

Session

Building on Bedrock: A Security Philosophy from Bootloader to Runtime

Tuesday Mar 17 / 11:45AM GMT

In Minecraft, every world is built from blocks. At the very bottom lies bedrock: an unbreakable foundation that everything else rests on. Above it sit layers of stone, dirt, sand, and other materials.

Alex Zenla

Founder & CTO @Edera

Session

From Chaos to Clarity: Modern SBOM Practices That Actually Work

Tuesday Mar 17 / 01:35PM GMT

In this talk, Viktor will walk you through everything you need to know to build a practical and future-ready SBOM strategy.

Viktor Petersson

Founder of sbomify, Co-founder & CEO of Screenly, Host of Nerding Out with Viktor

Session

Catching Attacks in the Act: eBPF for Runtime Security

Tuesday Mar 17 / 03:55PM GMT

Since the SolarWinds attack and the Biden-era cybersecurity executive order, much of the security industry’s energy has gone into preventing attacks in the software supply chain, before software is ever deployed. That work matters — but it is not enough.

Liz Rice

Chief Open Source Officer @Isovalent at Cisco, Ex-Governing Board at CNCF and OpenUK, Emeritus Chair, CNCF Technical Oversight Committee, eBPF, Security, Cilium, Cloud Native

Session

Adopting Memory-Safety and Fine-Grained Compartmentalisation With CHERI

Tuesday Mar 17 / 05:05PM GMT

This talk will describe how CHERI achieves memory safety for existing code with just a recompile and how that non-bypassable memory safety can be used as a building block for higher-level security abstractions.