[Pycon] [new paper] "Thierry Carrez" - The Spectre and the Meltdown: a modern fable
info a pycon.it
info a pycon.it
Ven 12 Gen 2018 13:34:42 CET
Title: The Spectre and the Meltdown: a modern fable
Duration: 45 (includes Q&A)
Q&A Session: 15
Language: en
Type: Talk
Abstract: The year 2018 started with the public disclosure of vulnerabilities in modern CPU design, nicknamed Meltdown and Spectre. The novel technical nature of those vulnerabilities, the way the responsible disclosure process was handled, and the financial implications all make a great cautionary tale about greed and badly-handled technical trade-offs.
In this talk, we will go into detail explaining the flaws in Python-equivalent terms, how they can be exploited and the current patches and mitigations working around them. We'll dive into how the CPU industry ended up in an all-in quest for speed. We'll explore how much of a game changer it is (or not) for software vulnerability management, and other useful lessons that can be learned from the incident. No prior specific knowledge is required !
Tags: [u'best-practices', u'hacking', u'software-engineering', u'CPU', u'security', u'infosec', u'collaboration', u'#lessonslearned', u'#Horror']
Maggiori informazioni sulla lista
Pycon