Presented by

  • Jason C Cohen

    Dr. Jason Cohen is a Master Technology Consultant and Security Researcher at Hewlett Packard Labs with over 17 years of industry experience. He collaborates across HPE organizations on projects with direct impact on the security of HPE products. In addition, he supports US Government customers, with a focus on security, complex systems integration, ML, and development. Jason holds a Doctor of Science in Information Technology from Towson University and an undergraduate degree in Computer Science from Goucher College. Jason is also a part-time Adjunct Professor of Software Development and Security at the University of Maryland, where he enjoys working with the next generation entering the field.

Abstract

It would seem that, despite the exponential growth in security products, security services, security companies, security certifications, and general interest in the security topic, we are still bombarded with a constant parade of security vulnerability disclosures on a seemingly daily basis. Why? Most often, vulnerabilities come down to a flaw in the source code, the logic of the code, the overall architecture, or in some cases the hardware design. In this talk, we will take a look at one way to reduce the attack surface of your software: testing via static code analysis and dynamic analysis. We will touch on the theory of how this technology works, when to use it during your development cycle, and then do a few live demos of a sampling of popular tools available for free to the Open Source community that you can leverage today to produce more secure software. The talk and demos are geared towards new developers to build an initial awareness of the topics.

Linux Australia: http://mirror.linux.org.au/pub/linux.conf.au/2020/room_6/Tuesday/An_intro_to_improving_the_security_of_your_code_with_free_analysis_tools.webm

YouTube: https://www.youtube.com/watch?v=Rx7D2djmjzk