Thomas Ptacek - America has doomed the industry. Please send help. - smokinn
http://vimeo.com/9260794

======
m0nastic
I know some folks here don't like watching videos, so here are the points I'd
take away (and I think they echo pretty strongly what Thomas has been saying
here):

* Don't do your own cryptography; use SSL and GPG. If your problem isn't able to be expressed using either of these, you should probably refactor it.

* Don't read Applied Cryptography (but do read Practical Cryptography); it's responsible for a great deal of the shittiness of our industry.

* The Art of Software Security Assessment should be required reading by everyone in Canada (the talk was given in Canada).

* If you're into CS, you should seriously consider getting into the security industry (it pays well, and lets you work on much cooler stuff than you might otherwise get to work on)

* If you want to get into the security industry, you should find an open source project (or any project) and try to find vulnerabilities in it. Report them in a non-douchey way and you'll be off to a good start. Also, pick something to become specialized in (DSP, etc.) and you'll have a greater chance of getting the industry's attention.

* Writing secure software is ridiculously hard. Even software designed to be secure will have bugs, and bugs can more often than not lead to vulnerabilities. This bodes well for people in the security industry.

I recommend watching the video; it's nice hearing Thomas talk about this
stuff, and while his advice shouldn't really need to be vouched for, I agree
with what he says.

------
smokinn
Although the vimeo date says 10 months ago, that's just when the video was
uploaded. It was only released a couple of days ago.

It's a talk by tptacek on software security given at the CUSEC conference last
January.
