Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Thursday, September 12 • 4:30pm - 5:15pm
A Case Study in Scaling Oversight

Learn how a seemingly inconsequential code pattern enables development teams to bound the amount of code that needs security scrutiny, how combining it with some specific software pipeline & workflow changes enables a small blue team to ride herd on a larger, fast-moving application development group, and how this incentivized investment in security infrastructure within Google.

This talk:
* uses the Trusted Types WICG proposal to explain the code change,
* explains how Google has internally done the same for server-side injection vulns across 6 programming languages and presents bug bounty stats for projects (Gmail and others) that adopted these techniques,
* explains how we tweaked Google's code analysis pipeline and commit workflow to enable efficient interactions between security & devs,
* identifies analogous (& currently-overlooked) open-source mechanisms,
* explains how some specific integrations guide developers towards secure code patterns and incentivize investment in secure tools & abstractions.

Mike Samuel

Software Engineer
Mike Samuel works on Google's technical infrastructure team improving libraries and programming languages to make it easier to produce secure & robust software. Mike has worked on JavaScript sandboxing, the Secure EcmaScript and other language committee proposals, making template languages...

Thursday September 12, 2019 4:30pm - 5:15pm EDT
Lincoln 3