What Not To Document – And Why

Our top priority while writing documentation is helping our users—as it should be. If you document some things too thoroughly, though, you may also help people you don’t want to assist. Attackers looking to exploit your software and harm your users are also reading the docs. This year, one company ran into this problem when a prominent security professional posted a documentation snippet to Twitter—accidentally revealing a vulnerability that launched the security team into an emergency response plan. In this talk, I’ll explain how you can support your company’s security posture by strategically omitting information that helps attackers more than end users, what information is most important to exclude, and how each piece of information can help an attacker if you choose to include it.

OUR SPEAKER:
Margaret Fero

Margaret is passionate about information security, technical writing, and interdisciplinary connections. She holds a GSEC security certification, and has written UX copy, compliance documentation, and user-facing documentation for a variety of industries. She has spoken at conferences including the O’Reilly Open Source Convention (OSCON), ToorCon, Abstractions II, and Write The Docs Day: Australia.

PROGRAM:
6:00 p.m. GreetingsSocialize and network
6:15 p.m. Announcements/Introductions
6:30 p.m. Presentation, followed by questions and answers
7:30 p.m. Closing announcements/job postings/
7:35 Informal conversation
8 p.m. Lights out

-TRANSIT:
Stand up from your desk. Turn around three times, and say "There's no place like home."
Then click on the Zoom link, provided by email before the meeting.

CODE OF CONDUCT: We're an inclusive, caring group. Please take a moment to read the Write The Docs Code of Conduct, http://www.writethedocs.org/code-of-conduct/

We're on Twitter
https://twitter.com/WTD_SFBayArea