A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


The Security Trust Chain is Broken: What We're Doing about it - Kenn White (ShowMeCon 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

The Security Trust Chain is Broken: What We're Doing about it
Kenn White
ShowMeCon 2015

Security headlines over the past year have highlighted a seemingly unending string of software and system failures, from HeartBleed to ShellShock to GotoFail to SuperFish to POODLE. Astute observers will note that a common thread exists among many recent vulnerabilities, like hypervisor breakouts in VENOM and crypto protocol & implementation flaws in Logjam that threaten the very security of global communications. There is a fundamental problem in our security trust chain, and it is culminating into a crisis that was decades in the making. Existing models for both proprietary and open source development bear responsibility, and serious focused efforts are underway to correct course. Engineers from some of the leading technology organizations, academic labs and open source projects are working closely together on several major security initiatives. These will be discussed in the context of building a more trustworthy core infrastructure.

Bio: Kenneth White is a security researcher whose work focuses on networks and global systems. He is co-director of the Open Crypto Audit Project (OCAP), currently managing a large-scale audit of OpenSSL on behalf of the Linux Foundation?s Core Infrastructure Initiative. Previously, White was Principal Scientist at Washington DC-based Social & Scientific Systems where he led the engineering team that designed and ran global operations and security for the largestÿclinical trial networkÿin the world, with research centers in over 100 countries. White co-founded CBX Group which provides security services to major organizations including World Health, UNICEF, Doctors without Borders, the US State Department, and BAO Systems. Together with Matthew Green, White co-founded the TrueCrypt audit project, a community-driven initiative to conduct the first comprehensiveÿcryptanalysis and public security auditÿof the widely used TrueCrypt encryption software. White holds a Masters from Harvard and is a PhD candidate in neuroscience and cognitive science, with applied research in real-time classification and machine learning. His work on network security and forensics and been cited by media including the Wall Street Journal, Forbes, Reuters, Wired and Nature. White is a technical reviewer for the Software Engineering Institute, andÿpublishes and speaksÿfrequently on computational modeling, security engineering, and trust. He tweetsÿ@kennwhite.

Back to ShowMeCon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast