Developing secure software
| Full Title: | Developing secure software |
|---|---|
| Date & Time: | 23 Oct 2009 at 14:00 |
| Location: | Curia II, Wilson Hall 2SW |
| Event Moderator(s): | |
| Event Info: | Developing secure software
Speaker: Sebastian Lopienski
Abstract: Computer security has been an increasing concern for IT professionals for a number of years, yet despite all the efforts, computer systems and networks remain highly vulnerable to attacks of different kinds. Design flaws and security bugs in the underlying software are among the main reasons for this situation. This talk aims at explaining what computer security really is, and how secure software systems should be designed and developed. It introduces the main security principles (like least-privilege, or defense-in-depth) and discusses security in different phases of the software development cycle. The emphasis is put on the implementation part: the most common pitfalls and security bugs are listed, followed by advice on best practice for security development.
Speaker Bio: Sebastian Lopienski is CERN's Deputy Computer Security Officer, working on security strategy, policies and consultancy; designing, developing and maintaining security tools (intrusion detection, vulnerability assessment etc.); training and awareness raising; as well as incident analysis and response. During his work at CERN since 2001, Sebastian has had various assignments, including designing and developing software to manage and support services hosted in the CERN Computer Centre, providing the Central CVS Service for software projects at CERN, and development of applications for accelerator controls in Java. He graduated from the Computer Science Faculty of the University of Warsaw, Poland. His professional interests include software and network security, cryptography, and distributed systems. |