Tales from the Risks Forum

Explore a captivating Stanford seminar featuring Peter Neumann from SRI International as he delves into the fascinating world of computer system risks. Discover memorable incidents, misconceptions, and human errors reported in the ACM Risks Forum since 1985. Gain insights into how these risks were mitigated and learn valuable lessons from past mistakes. Examine topics such as hardware vulnerabilities, software problems, air traffic control remediation, buffer overflows, hiring practices for software engineers, policy governance, security metrics, and the principle of least privilege. Analyze real-world examples involving Intel, Microsoft, and Yelp, and understand the implications of Conway's Law and the Nigerian Letter Attack. Engage in a thought-provoking discussion on the nature of bugs, over-design, and cost issues in the tech industry.

Intro
Hardware is Untrustworthy
Horror Stories
Software Problems
Air Traffic Controller Remediation
Hardware vs Software
Learning from our mistakes
Buffer overflows
Hiring software engineers
Software error
Hardware interlock
Errors of Tech
Policy Governance
Security Metrics
Failure
Over Design
Principle of Least Privilege
Cost Issues
Intel and Microsoft
Andys Response
Bugs are Good
Yelp
Conways Law
Nigerian Letter Attack