Speaking at BSidesAustin


The schedule is up. I'm speaking from 13:30 to 14:30. My talk is called: "I'm a software developer. What do you mean I'm on the blue team?": What we can learn in a red/blue world.



It's tempting to think as software developers we've done everything possible to secure our product once we've eliminated (or tried to eliminate) buffer overflows, implemented encryption and a dozen other secure-development practices. But is that all there is to developing secure software?

In this talk Aaron discusses software development in context of red-team/blue-team exercises. He contends that developers are with few exceptions always members of the blue team and that that role brings with it obligations and opportunities to improve software security.