We live in a world of technology and engineering where almost everything around us requires software. Unfortunately, the software we use or build has bugs. While most bugs can "just" be fixed, there are these other types of bugs, called vulnerabilities. Vulnerabilities can be found in our own infrastructure, on customers' infrastructure, or — worse — around user data.
Sadly, we see reports of leaked personal data on a daily basis. And when it comes to the companies that just had data leaked, it is astounding how rattled and unprepared they are for the situation. In fact, a lot of companies are puzzled when someone external publicly approaches them about a possible security issue. They don't know how to react and often react in the worst possible way: denial. But it is also about issues that are found from within the company, issues that may not directly affect personal information. There is more to do than telling customers there is a security release of some software.
IT security is a nearly endless topic to talk about. It is a mindset and a company culture that must be lived by each and every one within a company. In this talk, I will point out what roles individual departments play, because there are more questions to be answered than “how and when are customers informed about an issue and a corresponding solution”. Are details about the issue released, and if so, when, and will the details be released publicly or only to customers? How will a public outcry about an issue on social media be dealt with? Is the social media team equipped to handle the masses? Will the sales and marketing teams be able to handle a hesitant customer base? What legal implications does the issue have? Who coordinates, makes decisions, and stays on top of all of these moving parts?
Produced by NDV: https://youtube.com/channel/UCQ7dFBzZGlBvtU2hCecsBBg?sub_confirmation=1
Python, PyCon, PyConAU, PyConline
Fri Sep 4 14:30:00 2020 at Python 2