Bay Area OWASP Meetup - May 2016


Details
Agenda
• 6:30 Doors Open
• 6:45 - 7:45 Chris Steipp, Security Team - Wikimedia
  • How the Wikimedia Foundation promotes security in the open-source projects
• 7:50 - 8:20 Michael Coates, TISO at Twitter & Kyle Randolph, Principal Security Engineer at Optimizely
  • Strategies for growing your AppSec team & influence
• 8:20+ Networking
Pizza will be served.
Chris Steipp - Speaker
Chris Steipp leads the Security Team for the Wikimedia Foundation. He supports privacy, thinks cryptography is fun, and despite working in security for the past 13 years, occasionally still writes PHP.
Talk
Most of us use open source software, both personally and professionally. Some people believe open-source software is essential for creating secure applications. Others distrust open-source software, or are frightened at the prospect of publishing their code. This talk is a (probably overly) transparent view of how the Wikimedia Foundation promotes security in the open-source projects that run Wikipedia, and their 900 other sites.
We will look at the tools and techniques that the WMF, and some other large FOSS projects, have used to improve their application security. Some of these have succeeded, others have been horrible failures. Framed within these experiences, we'll discuss some characteristics you should look for when deciding to use an open-source project, some things you can do if you're running your own open-source project, and how free culture ideas can benefit your application security program. And even if you have no interest in open-source or free culture, come commiserate with us on managing application security without enough resources!
Note: There is a capacity limit to the space. We'll accept meetup RSVPs over that limit to account for the normal percentage of attendance vs. registration. However, we will restrict RSVPs at a certain point in accordance with capacity.
