The security community has been trying to solve the insecurity caused by bugs and flaws in software for many years now, but with what success? We almost never look at the successes and failures of other fields, although we could learn a great deal from them. This talk is inspired by Ernesto Sirolli’s TED talk “Want to help someone? Shut up and listen” about the failures of aid programs around the world. Listening to Ernesto Sirolli, you cannot miss the similarity with the security community trying to tell developers how to write secure code.
This talk points out common failures of the security community when communicating with developers: trying to solve their problems without understanding what those problems really are. Using the hippo analogy for security failures, the talk identifies these ‘(in-)secure hippos’ and provides advice on how to avoid them, drawing on anecdotes and best practices from the past 10 years of experience as a consultant in the security field.