Keynote

Building Secure Software
How to Avoid Security Problems the Right Way

What do wireless devices, cell phones, PDA’s, browsers,
operating systems, network services, public key infrastruc-ture,
and firewalls have in common? The answer is “soft-ware”.
Software is everywhere, and it is not usually built to
be secure. This talk explains why the key to proactive
computer security is making software behave. With software
complexity growing alarmingly – the source code base for
Windows XP is 40 million lines – we have our work cut out
for us. Clearly, the penetrate-and-patch approach is non-optimal.
Even worse is bolting security mechanisms on as an
afterthought. Building software properly, both at the design
and implementation level, is a much better approach. This
talk covers some common software security risks, including
buffer overflows, race conditions, and random number
generation, and goes on to discuss essential guidelines for
building secure software. Applying a risk-driven approach
to software security that integrates analysis and risk
management throughout the software lifecycle is the key to
better computer security.

Keynote speaker:
Gary McGraw, Cigital’s Chief Techno-logy
Officer

Open Source, Standards, and Networks: Tools
of Liberty and Democracy

While Open Source has been successful as software, its most
important role is as a tool to empower the individual and
to facilitate communications, free thought, education, and
peace. The greatest threats to Open Source come not from
competing proprietary software, but from national law and
international treaty. Europe has become the “land of the free”
for Digital Rights. Bruce Perens will discuss the success of
Open source, standards, and networks, the challenges that
they face, and the crucial role of NordU2002 attendees in
maintaining Digital Rights.

Keynote speaker:
Bruce Perens is the primary author of
the Open Source Definition, founder
of the Linux Standard Base, former
Debian project leader, and a major
Linux developer since 1994. His “busy-box”
software is a part of most com-mercial
embedded Linux systems. He
is credited for his technical work on
the films “A Bug’s Life” and “Toy Story II”, and is featured
in the documentary film “Revolution OS”.

Unix and its Children

The immediate ancestor of Unix was Multics. The lineage of
C can be traced from BCPL through B. Both troff/groff and
EMACS stem from TECO. All of these lie 25–33 years in the
past.
Today we have BSDI, HPUX, AIX, IRIX, FreeBSD NetBSD,
OpenBSD, and a variety of Linuxes. We have C++.
The intricate route by which simple Unix in 1969–71 gave
rise to today’s offspring will be detailed in this talk.


Keynote speaker:
Peter H Salus is Chief Knowledge
Officer of Matrix.Net. He has been
Executive Director of the USENIX
Association, the Sun User Group, and
the Tcl/Tk Consortium, and Vice
President of the FSF over the past 16
years. He is the author of a number of
books including A Quarter Century of
UNIX (1994) and Casting the Net (1995).