The one question that users of open platforms should ask themselves is, "Am I secure?" At the same time, companies running those open platforms have the distinct challenge of keeping users secure -- and many of those users tend to need a significant amount of security education.
This weekend at an event called BSides Bay at Hacker Dojo in Mountain View, security and risk experts from three of the world's major consumer-facing services will participate in a panel aptly named "Keeping Users Secure on Open Platforms." The panel includes John Adams of Twitter, Andy Steingruebl of PayPal, and both Jeff Wu and Ryan Seu of Facebook. These experts will address questions about their individual companies' philosophies on keeping users secure, the types of threats and attacks they are mitigating, common security controls, and so forth. From the session abstract:
Open platforms attract innovation, foster collaboration, and for many of us -- have changed our lifestyles (how we communicate, socialize, and pay for things). At the same time we're seeing these same technologies used as attack vectors -- with end-users being the target of choice. In our panel we'll discuss threats and attacks targeting end users such as phishing, malware, spam & abuse -- and the resulting problems like account takeovers, botnet activity, privacy leaks, and identity theft. We'll then discuss our successes and lessons-learned from adding additional controls both at the platform level and provided directly to customers.
This particular panel is happening at 11 a.m., but the BSides Bay event runs from 9 a.m.-5 p.m. The event is a spinoff from the popular Security BSides unconference series that first launched at Black Hat / Defcon in Las Vegas earlier this year. In true unconference fashion, BSidesBay is largely relying on community input to determine final topics. Those talks that garner the most conversation get added to the agenda. Other than the open platform panel, and another scheduled panel at 10 a.m. called "OWASP & WASC: Impacts on web application security automation," the conference agenda will be determined on an "as you go" basis.
"At most conferences, the best discussions are ad hoc and happen in hallways between sessions," said BSidesBay organizer Allison Miller. "I wanted to attend an event where those types of conversations are the main attraction."