DeepSec 2021: A lack of software security paralyzes the economy in times of crisis – visit DeepSec 2021 to train your developers
In every crisis, one’s own infrastructure and logistics are put to serious tests. The COVID-19 pandemic illustrates this particularly drastically through the many structural failures in the past 12 months. They try to solve biological problems with smartphones, favor dead-end technologies such as blockchain, discover the lack of network expansion in recent decades and then panic and publish software applications that are only subjected to serious tests after they have been published. All these quick fixes are snapshots of a lack of sustainability. But the economy is dependent on stable solutions based on many years of experience, especially now. In November 2021, the DeepSec conference would like to give support to everyone who works with software through trainings and the transfer of experience from security researchers.
Code rules the World
The word digitization is on everyone’s lips all the time. Unfortunately, it is not clear to anyone that information security has to play a major role in implementation. Since the first measures against COVID-19, the home office gained great importance. Some companies were unable to adequately provide tele work because of a lack of means. Remote access to internal resources must be planned and secured. It is not done with just turning it on. Mixing private and company-internal use of digital devices must also be avoided. In addition, a secure infrastructure is necessary, which for many IT departments now only exists in the abstract because the skills to support and maintain it are lacking. This is the ideal breeding ground for digital disasters.
The constant automation and the proliferation of networked end devices, especially in the field of control and regulation, has made numerous functions dependent on decisions made by applications. The term software error has meanwhile become a synonym for force majeure. In fact, there is often much more to it than that. A lack of security in execution and design can play a major role. Precise analysis and troubleshooting is important in order to clarify the causes. Software has to keep control in all situations and make reliable decisions in hopeless situations. Superficiality is therefore out of place in cases involving sensitive data. Increasing automation in industry and the home leads to serious consequences if software makes wrong decisions or fails beforehand.
Back to Safety
Information security is a fundamental ingredient for applications of all kinds. It is therefore indispensable for any country’s digitization efforts. Terms like secure design and secure coding have meanwhile been heard by every developer. The concepts are already being used in many development teams. However, both the introduction and the implementation are not static processes that have to be only carried out once. The methods and tools used are subject to constant expansion. Correct use must always be questioned. This year’s DeepSec security conference has specifically selected topics that will be offered as a two-day training in November before the conference days. The focus will be on mobile applications (apps), embedded systems (industrial control systems, Internet of Things / IoT) and infrastructure. All trainings will be practical and will bridge the gap between classic software development and modern code generation.
Software must not be a throwaway Product
There is nothing wrong with updating a product’s own code often. Some applications have to react in a timely manner to changed situations with adjustments. Unfortunately, the quality of the programs, which have to be published quickly under market pressure, is usually very poor. Countless solutions for contact tracing for COVID-19 infections have been presented since last year. Few of them survived the first feedback loops. Some of those who remained had and have to face criticism, including the Luca app, which has serious shortcomings in all areas. This must not happen, especially with critical applications. The phone providers’ app stores are a highly competitive market. Due to the large number of apps, you can only attract attention through special features, solid problem solving or aggressive marketing. The latter is hardly a means of information security.
It is not absolutely necessary to add features. Programs that can reliably solve a problem for a long time are automatically not a throwaway product. Longevity is an underestimated property given the current short product cycles. However, the code has to last longer than the device, even under the most adverse conditions. If you don’t want to disappear from the market again in the next week, you should think about it and integrate this quality into your own portfolio.
Programs and Booking
The DeepSec 2021 conference days are on November 17th and 18th. The DeepSec trainings will take place on the two preceding days, November 16th and 17th. All trainings and lectures are intended as face-to-face events, but due to future COVID-19 measures they can take place partially or completely virtually.
The DeepINTEL Security Intelligence Conference will take place on November 17th. Since this is a closed event, we ask for direct inquiries about the program. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html
You can order tickets for the DeepSec conference itself and the training courses at any time under the link https://deepsec.net/register.html. Sponsor discount codes are available. If you are interested, please contact deepsec@deepsec.net. Please note that we are reliant on timely ticket orders due to planning security.