O'Reilly Open Source Convention - August 1-5, 2005 - Portland, Oregon

Session

Are Open Source Developers Prepared for Security Bugs?
Alex Vincent, Software Designer, Cenzic, Inc.
Nitesh Dhanjani, Manager, Advanced Security Centers, Ernst & Young LLP
Dan Veditz, Mozilla

Track: Security
Date: Thursday, August 4th, 2005
Time: 2:35pm - 3:20pm
Location: E144

When it comes to open source software design, most open source programmers don't think much about security. Indeed, they may not even recognize the dangers properly.

"I've filed all kinds of bugs. But I'd never filed a bug that implied a potential security hole." These words open an article about how one user-friendly feature in a popular program exposed a vulnerability, and how the author handled it.

When faced with a situation like this, what's the right thing to do? What defines a bug as a security issue, and how do developers think of bugs from a security viewpoint? Tell the world or hide the details from would-be exploiters? If it's already been exposed, would you still want to hide it? What makes an issue a legitimate security threat, and what makes it paranoia?

This forum is to debate the issues and "best practices" of secure programming, and to balance the potential for security holes against user-friendly features. Both the experienced and the inexperienced are welcome to weigh in with their opinions.




© 2005, O'Reilly Media, Inc.