Max Schaefer, Lead Software Engineer at Semmle
We’ve all become used to the daily barrage of reports about major security flaws and data breaches in both open-source and proprietary software. Last year alone, tens of thousands of CVEs were assigned, at a rate of almost two CVEs per hour. Unfortunately, security vulnerabilities are notoriously hard to test for; they are out of scope for linters, and even the most attentive code reviewer is bound to miss many of them. So what’s a developer to do?
In this talk, I will show you a few of the most interesting results and CVEs we have found so far. I will briefly explain some of the challenges of doing static analysis at scale and give you a taster of what it's like to use QL. Most importantly, though, I want to inspire you to use LGTM to improve the open-source software the entire world has come to rely on by fixing alerts and writing your own analyses!
This event is open to the public. Priority will be given to:
• Representatives from Consortium member companies
• Staff at Singapore government agencies
• Staff and full-time students at local Institutes of Higher Learning (IHLs) and Research Institutes (RIs)
• Invited guests
For enquiries, please contact the Singapore Cybersecurity Consortium.