Secure Code Is Critical Infrastructure: Hacking Policy for Public Good.pdf

Uploaded by: 竿*** ID: 982090 2025-11-29 38 pages 5.46MB

#SECTORCA BlackHatEvents

Secure Code Is Critical Infrastructure
Hacking Policy for Public Good
Tanya Janca

What are we going to talk about today?

SheHacksPurple

What happens when a private citizen wants their government to improve their software security. Hint: it's a journey!

And how you can help me with mine. :-D What YOU can do to get YOUR government to improve.

Plus: A copy of the secure coding policy!

- Secure Coding Trainer at SheHacksPurple Consulting
- Author: Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security
- 28+ years in tech, Sec + Dev
- Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC
- Advisor: Smithy, Katilyst
- Contributor: OWASP Top Ten, StackOverflow
- Board Member: Forte Group

Tanya Janca
The mandatory about me slide. She seems tolerable!

Let's Talk Policy
And why it matters.

Why Policy Matters
- Insecure code = national risk
- Secure code protects democracy, privacy, and public safety
- Devs are graduating without ever learning secure coding
- Vibe coding and AI is NOT helping

Why Policy Matters
- Insecure code = national risk
- No public guidance, no accountability
- Devs graduating without ever learning secure coding
- Offers guidance
- Something to hold people accountable to
- Helps us secure critical infrastructure

The Current Security Landscape in Canada*
*According to Tanya and the internet, not inside sources

Current Landscape
- The Canadian Public Service does not have a formal secure coding policy they must follow*
- No government-wide, public vulnerability/responsible disclosure program or bug bounty
- No government-wide education on th

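Based on the content of the report, the main points are summarized as follows:

1. **Importance of policy**: Insecure code constitutes a national risk; secure code protects democracy, privacy and public safety.
2. **Current state in Canada**: The Canadian Public Service lacks a formal secure coding policy, there is no government-level vulnerability disclosure or bounty program, and educational guidance is limited.
3. **Strategy and challenges**: The Canadian government has a 2025 strategy, but the author considers it lacking in attention to software security. The author points out that the Canada Revenue Agency (CRA) and other government bodies have had multiple data breaches.
4. **Author's actions**: The author pushes for a secure coding policy through volunteer work, public appeals and communication with government officials.
5. **Policy content**: The author provides a 9-page action guide that applies to any software developer.
6. **Public action**: The public is encouraged to contact officials, push for education reform, speak up on social media, and support the author's petition.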