Life after Heartbleed

Beneath the Internet as we know it lies a sprawling and vulnerable security infrastructure. Until recently this infrastructure was assumed to be self-maintaining; many developers simply ignored it. The April 2014 publication of the Heartbleed vulnerability exposed the folly of this approach. More than a simple vulnerability, Heartbleed was a watershed moment for our community: for the first time in decades, the vulnerability of our security libraries was front page news. At one level, the Heartbleed vulnerability is simply a story of poor software design. But viewed with a wider lens, Heartbleed revealed fundamental weaknesses in our design patterns, trust models, resource allocation, and more. In this session we will discuss the Heartbleed vulnerability as a technical and cultural phenomenon; explore the way it’s changed our industry; discuss the responses to Heartbleed (both technical and organizational); and explore approaches to securing the Internet’s critical infrastructure going forward.