Nuclear powered software security

Christopher Riley (01.Jul.2017 at 14:30, 45 min)
Talk at Dutch PHP Conference 2017 (English - US)

Rating: 4 of 5

It seems to be almost a weekly occurrence that another company makes the news headlines for being hacked and in the process disclosing sensitive user data and company secrets. These security meltdowns can cause catastrophic effects to the company in lost user trust and huge costs putting things right.

A nuclear power plant is considered one of the most dangerous things mankind has built, yet they very rarely go wrong. The systems engineering that goes into making nuclear power plants safe is a fascinating topic to study but on the surface it seems entirely irrelevant to PHP developers.

In this talk I'm going to show you how this level of safety is achieved, what happens when it goes wrong and then see what lessons we, as PHP developers, can learn from it to help us secure our applications from meltdown.


Comments

Rating: 4 of 5

01.Jul.2017 at 15:27 by Marcus Bointon (20 comments) via Web2 LIVE

Interesting stuff, but quite abstract. Maybe add some code / config examples to make concepts more explicit?

Rating: 5 of 5

01.Jul.2017 at 19:10 by Boy Baukema (52 comments) via Web2 LIVE

Great way to introduce designing for security and security principles, comparing to the physical world was very entertaining.

Rating: 2 of 5

01.Jul.2017 at 20:38 by Sander Zegveld (21 comments) via Web2 LIVE

The title of the talk sounded awesome but unfortunately the presentation wasn't. It was not boring, but I had at least expected some stories of working at a nuclear facility while coding or some examples of how to code securely, but there was neither of those. A disappointment. The way of presenting was good and decent, so the speaker should certainly not change the style of presenting; just the things he is showing/telling could be a lot more interesting for a PHP conference.

Rating: 4 of 5

01.Jul.2017 at 20:56 by Deniz Zoeteman (8 comments) via Web2 LIVE

Great talk! It was very interesting to see how we can apply these security principles from the physical situations to software development. It definitely made me think more about security and how to tackle it. It was a little abstract, which normally wouldn't have been a problem for me, but the time slot (last slot on the 2nd day) made it a little much :)

Rating: 4 of 5

01.Jul.2017 at 22:24 by Erik de Bos (19 comments) via Web2 LIVE

Very good introduction to security concerns, covering a number of very valuable techniques. Good examples that drove the point home efficiently.

Rating: 4 of 5

02.Jul.2017 at 12:06 by Bas (11 comments) via Web2 LIVE

I did like the way you compared the security elsewhere to what software applications could do to raise their security.

Rating: 4 of 5

02.Jul.2017 at 12:32 by Peter Bouwdewijn (10 comments)

Liked the examples combined with practical approaches to identify and improve security in our landscape.

Rating: 4 of 5

02.Jul.2017 at 15:03 by Pim Widdershoven (29 comments)

Good talk about why you should use several security layers, but I was missing some code examples or schematics of how to use that knowledge in your applications.

Rating: 5 of 5

02.Jul.2017 at 15:29 by Gabriel Somoza (46 comments) via Web2 LIVE

I do think this talk was brilliant: it definitely stood out compared to most of the other talks I attended. Plus I think it has a lot of potential to become even better. No need for showing code in my opinion: the concepts themselves are important enough and there were enough real-life illustrations to back them up.

Maybe some examples of how things went wrong and how they were fixed on real-life software solutions would be nice as well. E.g. how a bank or hospital got hacked, how that compares to a nuclear reactor meltdown, and how they fixed it, etc. But again: no need for code IMO.

Rating: 3 of 5

05.Jul.2017 at 03:47 by Ben Dechrai (32 comments) via Web2 LIVE

I love talks that compare non-development aspects of life to development, as a way of analogising ways in which we can improve our processes. In this talk, Christopher discussed myriad risk management and failover processes involved in running a nuclear power plant, and suggested ways in which software developers could apply those principles to their work.

While the direction that the talk was taking was interesting, I was disappointed with the examples given in the application of those security principles. One example, to make sure passwords aren't reused across systems, is in my mind something that should be common practice, not critically highlighted.

Given the narrative, educational style of describing nuclear power station safety and security, I would have enjoyed the story of development to be of a similar style. For example, rather than selecting check-list items of development security to talk about, perhaps find real-world stories about security issues, how they affected systems, and how they could have been avoided, and then bring it back to the nuclear power plant analogy, to close the loop.

I encourage Christopher to build on this talk; it has great potential :)

Rating: 3 of 5

07.Jul.2017 at 16:02 by Arnout Boks (48 comments) via Web2 LIVE

I liked the approach of this talk, describing how safety principles in nuclear power plants and other real-life situations can apply to software. I think most of the principles were quite abstract (and sometimes well-known) though, and would have liked a more practical approach with some more in-depth examples. Also, I would love to see examples of how these principles apply to a more micro level (pieces of code rather than entire systems). I appreciate the calm and clear presentation style.
