Security

Periodically, security releases are published to patch vulnerabilities and make our websites secure again, but do we know exactly how these vulnerabilities (and their exploits) work behind the scenes? How does the patch change our code, so the vulnerabilities are fixed and the risk mitigated?

Creating a collaboration and communication platform to service millions of global users conventionally requires the design and resources of a centralized and proprietary nature, managed by a single entity.   Users either have to pay or trade privacy and security for the convenience and ubiquity of access.  With recent theft and massive lost of user data across well known social networks and other massive centralized public facing platforms, th

With Drupal 8, we received more powerful control over who can do what to a specific entity. The only downside is that this whole system does not apply at all to entity lists. The only exception being nodes (content), which still use the rather complex yet limited grants system. It's time we fix that and come up with a solution that works for all entities, all operations and still has decent performance.

This session will highlight these topics:

• The current state of the Drupal community and their common update processes from a security point of view
• What’s the Automatic Update Initiative discussion about?
• Auto Updates in Drupal - future case discussion

In my session I'll show the most common vulnerabilities that our Drupal code can have and how we should be prepared to avoid such an unsecure code to be released. The presentation covers trends in vulnerabilities, starting in general aspects then showing Drupal specific ones. I'll also speak about what we should do if we find any vulnerabilities in contributed solutions.

This talk will present the use of open source software at the European Commission as well as dive into the EU-FOSSA initiative.

The Drupal project has been following a responsible disclosure model for more than 12 years. As Drupal has grown from a few thousand installs to more than 1 million, and as the number of contributed projects on Drupal.org has grown from tens to tens of thousands, the Drupal Security Team has continually evolved our processes to scale our security coverage.

OpenSource CMS like Drupal, WordPress or Joomla are extremly popular targets for all sorts of attacks. Most of them are available 24/7 and hosted on powerful machines, making them very valuable tools for further attacks once compromised. In this session I want to tell you about SIWECOS, a project funded by the german ministry of economics, that wants to improve the security of CMS-based websites.

During this session, we will present the OpenEuropa Initiative, the Open Source components that you can already use in your projects, and the (micro)Service Oriented Architecture and Technical Governance that drive the design and development of these components.

Hold your breath, make a wish
Count to three

Come with me and you'll be
In a world of pure implementation
Take a look and you'll see into your pipeline
We'll begin with a spin
Securing containers of your creation
What we'll see will have lots of explanation

As developers, we are capable of many amazing feats. We can create experiences that touch the lives of millions, brings aid to the corners of the world, empowers new businesses and bring a voice to the voiceless. However with this capability, we must also take on the responsibility for the people, and data, we interact with.