Open source your code, not your keys and secrets
Room A | Wed 22 Jan 2:25 p.m.–3:10 p.m.
Presented by
Alistair Chapman
@agc93
https://agc93.au
Alistair Chapman is an Australian Information Security engineer and .NET developer. As well as working in InfoSec, Alistair has been building, contributing to and maintaining open source projects for the last decade, working with a variety of different projects and communities in the .NET ecosystem and beyond. Alistair’s current passions are cloud security architecture, cross-platform .NET, containerisation and DevOps automation.
By day, however, Alistair is a Senior Cloud Security Engineer at Red Hat, based in Brisbane, Australia, specializing in incident response and security architecture for public and hybrid cloud environments.
Abstract
Once upon a time, we were seeing new data compromises and sensitive secrets leak on practically a monthly basis, but those days are gone. Now, they’re happening hourly. Let’s take a look at how to keep your projects secure, stay out of the headlines, and keep your security team’s sanity intact.
This presentation will be a primer for open source communities, based on years of experience with open source and cloud platform security, where Alistair will present a broad overview of how to keep your secrets safe when building in the open. This includes using open source technologies to secure and monitor your secrets, improving development and contribution processes to reduce the risk of leaks, and how to handle compromised secrets when they happen. No matter the size of your team, or what you’re building, you’re more than likely having to manage secrets of some kind, anything from a complex suite of API keys for every cloud platform under the sun, to that one password that you’re not sure how to reset.
Whether you’re a developer building open source software, an operations team trying to wrangle an ever-increasing number of cloud platforms and services, or a contributor looking to get into OSS, this talk should give you real-world information on the risks that lead to secret compromises, and give you the tools needed to prevent them.