Decoded Chats – Ingrid Epure on Security

Ingrid is an engineer currently working for Intercom in Dublin, Ireland. She has been coding for more than 12 years and discovered her passion for distributed systems and infrastructure 3 years ago. She is a conference speaker, an active member in the Python community and loves mentoring and helping with community-driven events.

You can catch her on Twitter as @ingridepure and find her code on GitHub.

If you prefer to have an audio version, you can download it here (MP3, 22MB).

Here are the questions we covered:

  1. What made you choose security as your topic to talk about here at this event? (00:04)
  2. Security is a topic that can come across as pretty daunting and in the past we had a lot of almost condescending talks about it. Do you think this is changing? Are we becoming more human and approachable? (00:58)
  3. Advances in technology like high-powered GPUs and upcoming quantum computing make brute forcing much easier and a matter of seconds rather than hours. Is this a threat we are not seeing yet? (02:24)
  4. Most companies have security departments that play the role of a blocker at the end of the development process. Do you see that changing to more of a consulting role and do we want that? (03:08)
  5. Every so often we get information of a very “clever” attack that spooks everybody out. Do you think that is helpful or does it scare people into giving up on trying to prevent issues? (04:32)
  6. We have linting tools for CSS, HTML and JavaScript that tell us that we are doing something wrong while we write our code. Security tools tend to be testing tools after the fact. Do you think a security linter could be done? (06:12)
  7. We tried to make JavaScript safer with CSP and approaches like AdSafe. But there was always a backlash from developers. How can we change that? (08:52)
  8. It seems to be too easy to run a full server and use a lot of third party code to build products these days. Do you think there is a general danger of people not realising their responsibilities when it comes to security? (10:27)
  9. Is there a general problem of showing people shortcuts upfront without allowing a junior developer to learn by making mistakes and getting deep into the subject matter? (12:47)
  10. Where would you tell people to go to learn more about web security? (14:03)
