By mock from Victoria.pm
Date: Wednesday August 13, 2008 14:10
Duration: 30 minutes
Tags: kwalitee perl qa security sekuritee testing vulnerability


Title: Sekuritee: a measure of potential vulnerability

It has been said that CPAN is Perl's killer app. Because of this, Perl
programs typically have a large tree of dependencies - which makes life very
difficult for the application security auditor. Sekuritee is a metric
somewhat similar to Kwalitee which helps to determine which modules are more
likely to contain vulnerabilities, so that the savvy security auditor can
concentrate on the code most likely to contain vulnerabilities, Perl
developers will hopefully be able to play the odds correctly when choosing
modules from CPAN, and module authors will be embarrassed into fixing
their silly mistakes. This talk will reveal my method for assigning a
sekuritee score, unveil a public tool, and show some of the results
achieved from applying the score.