Videos to Watch
- Julien Vehent - https://j.vehent.org/jve.html
Securing DevOps - YouTube channel from Julien Vehent
- DEF CON 2018
- I serve as the CEO of Galois spin-off MuseDev, a startup focused on automatically finding and fixing critical bugs. My research interests focus on static and dynamic program analysis, with a particular emphasis on scalability and tuning analyses for specific software domains. My recent work focuses on security, both software security in the traditional sense and related issues such as privacy. I have also worked on analyses that help programmers build and deploy software updates in high-availability environments.
- Security hardening for containers, clusters, and operating systems is a very important part of setting up infrastructure and always “Plan A”. The world of “Plan A” defends the importance of making sure your cluster is set up securely. Dino comes from the world of “Plan B” and will focus on detecting when security boundaries have been breached. This is necessary for environments where you don’t have the ability to ensure the base OS is fully patched, etc.
- Step into the world of Linux kernel features such as seccomp, eBPF, kprobes and Kubernetes tunable security features and learn how to detect and defend against attacks at scale.
- Dino Dai Zovi is the Co-Founder and CTO at Capsule8.
BH USA 2002 - Professional Source Code Auditing - Mark Dowd, Neel Mehta, Halvar Flake
- Last year there was an Information Security conference taking place for almost every day of the year. This translates to about 15 information security talks per day, every day. The question is, is this a bad thing? Even niche areas of the info-sec landscape have their own dedicated conference these days. Is this a good thing?
- The conference scene is actually a reasonable proxy for the state of information security as a discipline, i.e. there’s a lot of activity but with questionable results (and dodgy metrics).
- This talk aims to change (some of) that.
Dino Dai Zovi - Attacker Math 101
An introduction to Category Theory for Software Engineers - seems like an awesome intro
- Won $50K from FB for Internet Defense Fund
- In Alex Stamos’ BlackHat USA keynote (“Stepping Up Our Game”) he said they’ve adopted that into FB’s static analyses
https://catalog.comby.dev/ - a sample rewrite catalog of code patterns. (academic)
mpage/plt-study - A path to Programming Language Theory enlightenment
- Lots of links to great papers and videos
James Koppel - The Best Refactoring You’ve Never Heard Of
- Really detailed, cool looking talk
- Great slide deck from an academic, looks like a solid intro, 113 slides
Let’s build a compiler - book
Safe and Efficient, Now - statically assure a wide range of safety properties:
- never dereferencing a null pointer or taking the head of an empty list;
- always sanitizing user input;
- using only in-bounds indices to access (dynamically allocated) arrays of the statically unknown size.
- Also a bunch of articles on types
Introducing the FASTEN project - The core idea behind FASTEN is really simple: instead of analyzing dependencies at the package level, we will analyze them at the call graph level! This will allow us to be super precise when we are tracking dependencies, when we do change impact analysis, when we recommend clients to update packages etc. It will also open the door to new sophisticated applications, e.g. licensing compliance, dependency risk profiling and data-driven API evolution.
Microsoft Academic Knowledge Graph - a large RDF data set with over eight billion triples with information about scientific publications and related entities, such as authors, institutions, journals, and fields of study. The data set is based on the Microsoft Academic Graph and licensed under the Open Data Attributions license. Furthermore, we provide entity embeddings for all 210M represented scientific papers.
The A-Z of Programming Languages - interviews with programming language creators
Magritte: A Language for Pipe-Based Programming - master’s thesis