Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Thursday, September 12 • 4:30pm - 5:15pm
A Case Study in Scaling Oversight

Learn how a seemingly inconsequential code pattern enables development teams to bound the amount of code that needs security scrutiny, how combining it with some specific software pipeline & workflow changes enables a small blue team to ride herd on a larger, fast-moving application development group, and how this incentivized investment in security infrastructure within Google.

This talk:
* uses the Trusted Types WICG proposal to explain the code change,
* explains how Google has internally done the same for server-side injection vulns across 6 programming languages and presents bug bounty stats for projects (Gmail and others) that adopted these techniques,
* explains how we tweaked Google's code analysis pipeline and commit workflow to enable efficient interactions between security & devs,
* identifies analogous (& currently-overlooked) open-source mechanisms,
* explains how some specific integrations guide developers towards secure code patterns and incentivize investment in secure tools & abstractions.

Mike Samuel

Software Engineer, Google LLC
Mike Samuel works on Google's technical infrastructure team improving libraries and programming languages to make it easier to produce secure & robust software. Mike has worked on JavaScript sandboxing, the Secure EcmaScript and other language committee proposals, making template...

Thursday September 12, 2019 4:30pm - 5:15pm
Lincoln 3