Invited Speaker Seminar: Security and Open Source

Mr. David Mirza Ahmad,
President, Subgraph

March 6 (4:00 pm)
Location: EV3.309

Abstract

Open source is good for security and always has been. Though most people are starting to realize this now, post-Snowden, this presentation tells the lesser-known history of security and open source, with Kerckhoffs' principle as a unifying theme. Auguste Kerckhoffs was a 19th century linguist who had an important realization: obscurity doesn't provide any real security.

I'll begin with an introduction of his principle and explanation of its fundamental importance to the field of cryptography. Kerckhoffs' big idea is also relevant beyond the theoretical realm of cryptographic algorithms. I'll also talk a bit about our company history, what we do, and the things we've developed.

Biography

David is an open source software developer and entrepreneur working in computer security, cloud computing, and privacy/free speech online. He is one of the founders of Subgraph, a Montreal-based open source security startup, which created and maintains Vega, a platform for security testing web applications, as well as Orchid, a Java Tor client and library.

Prior to this, he was a founding member of Security Focus, where he moderated the Bugtraq mailing list, a historically important computer security forum which had over 50,000 members at its peak. David has spoken at numerous security and open source conferences, as well as made contributions to books, magazines and other publications. David also participated in a NIAC working group on behalf of Symantec to develop the first version of the CVSS (Common Vulnerability Scoring System) model and served as editor for the Attack Trends section of IEEE Security & Privacy for over three years.