Session

Security for Human Beings: Protecting Ubuntu

Kees Cook, Ubuntu Software Engineer, Canonical Ltd.

Track: Security
Date: Thursday, July 26
Time: 1:45pm - 2:30pm
Location: D137-138

What goes on in the day-to-day life of a Security Engineer? Between patching, building, and testing, you've got to audit code and help build new technologies. This talk will outline the work involved in keeping Ubuntu secure while showing off some common attacks and countermeasures.

Defining security: vulnerabilities are just bugs, so what makes these bugs so special? Different problems call for different solutions, and not everything is an emergency.

Being paranoid: no one wants their code to have a vulnerability in it, but we're only human. Writing secure code means thinking like a bad guy and getting creative about how you do your testing.

Software abuse: load JavaScript where it isn't expected, inject some SQL while no one is looking, display fonts so large you get root access, overwrite files unexpectedly, make sleep(1) print to stdout, and, if all else fails, break the parser on some audio, video, or image decoders.

Security technologies: safe distros try to proactively protect themselves against all that pesky installed software. Get a taste of using stronger stack boundaries, stirring up memory locations, and using mandatory access controls. Even if there's a bug in the code, maybe now it can't be turned into a vulnerability.

Researching security: get a list of recommended reading, fun tools, and tricky problems. Knowing how to break your code is the key to knowing how to secure your code.