Secure Code Is Critical Infrastructure
Hacking Policy for Public Good
Tanya Janca
#SECTORCA BlackHatEvents SheHacksPurple

What are we going to talk about today?

- What happens when a private citizen wants their government to improve their software security. Hint: it's a journey!
- And how you can help me with mine. :-D What YOU can do to get YOUR government to improve.
- Plus: A copy of the secure coding policy!

Tanya Janca

- Secure Coding Trainer at SheHacksPurple Consulting
- Author: Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security
- 28+ years in tech, Sec + Dev
- Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC
- Advisor: Smithy, Katilyst
- Contributor: OWASP Top Ten, StackOverflow
- Board Member: Forte Group

The mandatory about me slide. She seems tolerable!

Let's Talk Policy
And why it matters.

Why Policy Matters

- Insecure code = national risk
- Secure code protects democracy, privacy, and public safety
- Devs are graduating without ever learning secure coding
- Vibe coding and AI is NOT helping

Why Policy Matters

- Insecure code = national risk
- No public guidance, no accountability
- Devs graduating without ever learning secure coding
- Offers guidance
- Something to hold people accountable to
- Helps us secure critical infrastructure

The Current Security Landscape in Canada*
*According to Tanya and the internet, not inside sources

Current Landscape

- The Canadian Public Service does not have a formal secure coding policy they must follow*
- No government-wide, public vulnerability/responsible disclosure program or bug bounty
- No government-wide education on th