Speaking at BSides San Antonio


It's tempting to think as software developers we've done everything possible to secure our product once we've eliminated (or tried to eliminate) buffer overflows, implemented encryption and a dozen other secure-development practices. But is that all there is to developing secure software?

In this talk Aaron discusses software development in context of red-team/blue-team exercises. He contends that developers are with few exceptions always members of the blue team and that that role brings with it obligations and opportunities to improve software security.