Loading…
RVAsec 2019 has ended
Wednesday, May 22 • 4:00pm - 4:50pm
No More Whack-a-Mole: How to Find and Prevent Entire Classes of Security Vulnerabilities

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
In software development, we frequently see the same logical coding mistakes being made repeatedly over the course of a project’s lifetime, and often across multiple projects. When these mistakes lead to security vulnerabilities, the consequences can be severe. No one knows this better than companies like Google and Microsoft, whose software is used by millions of people every day.

With each code vulnerability discovered, we’re presented with an opportunity to investigate how often this mistake is repeated, whether there are any other unknown vulnerabilities as a result, and implement an automated process to prevent it reappearing. In this talk, I’ll be introducing Variant Analysis, a new process being pioneered by security teams at a number of companies including Google and Microsoft, that does just this. I’ll discuss how it can be integrated into your development and security operations, and also share some stories from the trenches.

Speakers
avatar for Sam Lanning

Sam Lanning

Developer Advocate, Semmle Inc
Sam started working at Semmle in October 2014, after deciding to drop out of his Masters at Oxford University after having completed his undergraduate Computer Science degree there. Sam was the first full-time developer for Semmle’s LGTM platform, and worked on it for over 3 years... Read More →


Wednesday May 22, 2019 4:00pm - 4:50pm
Ballroom, 2nd Floor