Monday 5 August 2013

Can you join us for lunch?

With these simple words, OWASP's Joanna and I had a great lunch with two complete strangers (to us) at DefCon 21.

We were going into a local restaurant at the Rio hotel when they (a couple on their first trip to DefCon) asked us to join them. They said that they wanted to meet new people and we looked decent enough :)

They were both from LA. He was the director of a local web development company and she was a lawyer.

The conversation was wide ranging, and it was great to hear how he used to work for a financial company (doing financial analysis for tech acquisitions), but quit due to the lack of values and wrong motivations in that world (i.e. he left the dark side).

What he has found is that our community (software development, hackers, web app security) is a much more value-based world/society, with a lot more 'good people'.

I completely agree. If for example you look at the OWASP Leaders (as a group), you will find some of the most amazing, generous and 'nice' people in the world.

Talking about OWASP, he had no idea what OWASP is, which wouldn't be a big issue, except that he is creating websites for his clients :)

On this topic we had a great chat, where the conclusion was that 'most likely' the websites he is creating will be vulnerable to a number of high security issues, but the risk is low because there is a very small probability that his clients will be attacked (remember that if his clients really cared about security, they would have asked him to create a 'secure website').

Btw, we really need to do more to push the OWASP Top 10 to developers (he really should have been exposed to this great teaching resource). Maybe we would make a massive difference in WebAppSec if we printed 5,000 copies of the Top 10 and dropped them from a plane over Silicon Valley!! :)

On the lawyer's world, we had a good conversation about GIT, where I was telling her that GIT will (eventually) dramatically change her world, and that she really should try to get her head around how it works and how to use it.

Here are a couple of blog posts on why I think GIT will change the world:
She actually had a really funny story (or scary if you have your 'civil liberties' hat on).

  • What happened was that when she started dating him, she used her company's 'extensive background check' capability to do a full check on him
  • She did such a thorough job (tracking him across multiple addresses and US cities) that one day they were talking about each other's past and:
    • he mentioned: 'you know, I used to live at place XYZ in the ABC city',
    • she said: 'I know'
    • and he was like: '... WTF!! how???...' :)

They were a really nice couple, and I hope our paths cross again sometime in the future :)