Natalie Silvanovich from Google Project Zero talks with Kim Carter about what attack surface means with regard to software, and how to identify risks and reduce the attack surface of the software you, as a Software Engineer, are creating. Natalie found over 100 0-day security defects in Flash in her first year at Google, and discusses the risks and countermeasures around code sharing and third-party code, and techniques for identifying code libraries that are more likely to have security defects. Developer workflow is also covered, along with post-mortems on a collection of 0-day bugs in well-known software.
Show Notes
Related Links
- Natalie Silvanovich Blog
- Natalie on Twitter
- Project Zero blog
- Blog post describing thinking behind the > 100 security defects Natalie found in first year on Project Zero Team
- Natalie’s talk at Black Hat based on the above findings
- Natalie’s Black Hat slides
- Natalie’s Black Hat slides on ECMAScript engine security defects
- All the security defects found by Google Project Zero
- Consuming Free and Open Source