What is Our Ethical Obligation to Ship Secure Code?

Explore the ethical responsibilities of shipping secure code in this thought-provoking conference talk from NorthSec 2019. Delve into the obligations companies have towards users, examining real-world examples like the Marriott hotel data breach. Consider the Golden Rule in relation to Terms of Service and discuss what companies should do to protect user data. Investigate individual liability, the importance of audit reports, penetration testing, and static analysis in ensuring code security. Reflect on the unique position developers hold in today's digital landscape and the impact of social media on security practices. Gain valuable insights from Elissa Shevinsky, CEO of Faster Than Light, as she shares her expertise in bringing security best practices earlier into the development lifecycle and building tools to facilitate secure code shipping.

Intro
Welcome
What are the obligations of companies towards users
Marriott hotel data breach
Terms of Service
The Golden Rule
What should companies do
Individual liability
Audit report
Pentest report
Auto report
Static analysis
Why did it happen
Developers in a special moment
Social media