Secure Code Development and Lessons Learned from etcd Security Audit - Sahdev Zala, IBM & Hitoshi Mitake, Indeed
Abstract
When it comes to the importance of writing secure code, it gets a unanimous vote. This is even more important for an open code. Checking the security of your code needs manual steps as well use of automated tools. As project maintainers for the etcd project, we recently led a third party security audit of etcd code. In this talk, we will share our experience of what are the common areas in code that get overlooked and pose a security risk from general weaknesses to critical threats. We will also provide a walk-through of security vulnerabilities that were reported from the audit work.