CVE 101: A Developer's Guide to the World of Application Security

Presentation 📣

English 🇬🇧

Thursday, 3:40 – 4:25 PM

Length: 45 minutes

Room: Room 7

Abstract

Ever wonder about the mindset of a hacker? What is a zero-day attack? When does the clock start ticking? As cyber attacks become an existential threat, it's critical that all software developers understand the role the CVE process plays in helping us keep our defenses strong - and where it can go wrong or be subverted. In this session, we'll cover how the CVE process works, explore the timelines of a few famous CVEs, and uncover the truth about ethical reporting. We'll then discuss the practical steps you can take as a developer to write safer software. From bug bounties and bad actors to unsung developer heroes and incredible researchers, it's time to buckle up for a wild ride as we show you what CVEs are all about.

Intended audience

This talk is intended for software developers who want to learn how security reporting and research work, to gain a greater appreciation for this space and, hopefully, the excitement to learn more. Developers will take away some simple, practical steps toward writing safer code and running safer team processes.

  • Theresa Mammarella

    Theresa Mammarella is a software engineer at IBM, specializing in Eclipse OpenJ9 JVM and native image prototyping. She enjoys helping developers harness the full potential of their tools to create innovative solutions. Theresa actively contributes to the open-source community collaborating on various projects and is a regular conference speaker. When she's not coding, Theresa loves to spend her time volunteering with animal rescues and exploring the great outdoors, where she can often be found hiking, camping, or simply soaking up nature's beauty.

    Twitter: t_mammarella