CAST workshop on development security

We are holding our yearly security conference in Darmstadt on the 22nd of March – that’s next week – together with our partners from Fraunhofer SIT and CAST. This time, the focus subject will be DevOps and cloud technologies, including both operations and development preparation for the security in the cloud. The speakers are prepared to talk about a range of things from threat modeling and management down to massive tests, so I expect it will be rather interesting. We will also have a couple of presentations from companies talking about how they do things in their own cloud software in practice, so it will not be all theory either.

The conference is as usual mixed in German and English, we may ask the presenters to speak English only when we have people who do not speak German in the audience, so let us know on site. All details of the conference are here: https://www.cast-forum.de/workshops/programm/244

Come over to Darmstadt, join our conference, you will be very welcome!

Welcome to “Holy Hash!”

This is a lighter software security blog. I start it now mainly because of two reasons.

First, something has to be done. The recent break-ins at the likes of LinkedIn and Yahoo show that even at the large companies people do not understand the basics of security. By looking at what is proposed and advised under the guise of security to people starting out to write their own web applications I understand that those are not far behind. Should their applications become famous, they will be broken as easily. There needs to be a place to discuss even the most basic things, so people do not keep making the same mistakes over and over again… like if it’s bloody Groundhog Day.

Second, why do we have to talk about software security always with a grave face? Yes, it is a serious subject but that does not warrant the long faces. Lighten up, people! Relax, let the Force flow. Have a break and make a joke. Security can be an entertaining subject. Let’s not make it appear harder than it is.

So here we are, something has to be done and it better be done with a smile. Or a grin… a smirk, a beam, a crack. Not with a frown. I will write my thoughts on software security, you are welcome to comment, make fun of, ask questions and generally have a good time.