Details

Important Notice

All meetup venues we currently use require us to provide a list of names (First & Last) to their door security so they can check people in at the time of the event. We are also required to bring "a picture ID" that matches the name we provide at the time of registration. Please be mindful of this requirement and provide the necessary information to ensure a smooth check-in process at the door. Thank you for your cooperation - the management!

ONLY HUMANS ALLOWED AT THIS EVENT

What: We continue our two-talk format. We will also have a cool sticker swap and show & tell slot.

>>> Bring your favorite stickers and tell us where you got them. Bring extras and swap them with fellow security enthusiasts at the sticker swap table! <<<

Talk #1 - Be a better Oppenheimer: Balancing Innovation and Security in Modern Development by Thomas Gleason

Description - In the rapidly evolving tech landscape, developers, often likened to modern-day Oppenheimers, are tasked with pushing boundaries to innovate swiftly. However, this quest for speed can sometimes lead to the oversight of security protocols. This presentation addresses the balance between development priorities and security protocols, proposing a unified language for Application Security (AppSec). It highlights the importance of shared insights into open-source usage, the risks associated with current tooling practices, and the advantage of contextualizing application-specific vulnerabilities over generic severity ratings. Join us to explore strategies that align security measures with development goals, ensuring rapid innovation without compromising security.

Speaker - Thomas Gleason looks after his customers at Endor Labs. Worked in the AppSec & Cyber space for 10+ years. Has gotten to see the rise (and plateau) of DevSecOps. Large family, cooks, reads, and does martial arts sometimes.

Talk #2 - What is Revival Hijack and How to Protect Yourself by Benny Ma

Description - Recently, JFrog researchers discovered that if open-source maintainers deleted their projects from the PyPI repository, anyone can swoop in, set up shop under that same project’s name, and pretend to be that project. What they could do at that point is put some malware under that project’s name, and unwitting developers whose code automatically updates to any available newer versions of those projects will automatically inherit the malware. My talk is focused on why this is real and how someone could use tools to protect their code.

Speaker Bio - Benny Ma is a Senior Director of Sales Engineering at Synopsys. He has been in the appsec industry for 18 years.

When: October 17, 2024. 6:30 PM

Where: Google
355 Main St, Cambridge, MA

Sponsors

PlexTrac

PlexTrac provides logistical support for our meetup events.

Strike48

Strike48 provides logistical support for our meetup events.

Pentera

Pentera provides logistical support for our meetup events.

Horizon3

Horizon3.ai provides logistical support for our meetup events.
