It seems to be almost a weekly occurrence that another company makes the news headlines for being hacked and in the process disclosing sensitive user data and company secrets. These security meltdowns can cause catastrophic effects to the company in lost user trust and huge costs putting things right.

A nuclear power plant is considered one of the most dangerous things mankind has built, yet they very rarely go wrong. The systems engineering that goes into making nuclear power plants safe is a fascinating topic to study but on the surface it seems entirely irrelevant to PHP developers.

In this talk I'm going to show you how this level of safety is achieved, what happens when it goes wrong and then see what lessons we, as PHP developers, can learn from it to help us secure our applications from meltdown.


Comments are closed.

Marcus Bointon at 15:27 on 1 Jul 2017

Interesting stuff, but quite abstract. Maybe add some code / config examples to make concepts more explicit?

Boy Baukema at 19:10 on 1 Jul 2017

Great way to introduce designing for security and security principles, comparing to the physical world was very entertaining.

Sander Zegveld at 20:38 on 1 Jul 2017

The title of the talk sounded awesome but unfortunately the presentation wasn't. It was not boring but had at least expect some stories of working at a nuclear facility while coding or some examples how to code secure but neither of that. A disappointment. The way of presenting was good and decent, so the spear should certainly not change the style of presenting, just the things he is showing/telling could be a lot more interesting for a PHP conference.

Deniz Zoeteman at 20:56 on 1 Jul 2017

Great talk! It was very interesting to see how we can apply these security principles from the physical situations to software development. It definitely made me think more about security and how to tackle it. It was a little abstract, which normally wouldn't have been a problem for me, but the time slot (last slot on the 2nd day) made it a little much :)

Erik de Bos at 22:24 on 1 Jul 2017

Very good introduction to security concerns, covering a number of very valuable techniques. Good examples that drove the point home efficiently.

Bas at 12:06 on 2 Jul 2017

I did like the way you compared the security elsewhere to the what software applications could do to raise their security.

Liked the examples combined with practical approaches to identify and improve security in our landscape.

Good talk about why you should use several security layers but I was missing some code examples or schematics how to use that knowledge in your applications.

Gabriel Somoza at 15:29 on 2 Jul 2017

I do think this talk was brilliant: it definitely stood out compared to most of the other talks I attended. Plus I think it has a lot of potential to become even better. No need for showing code in my opinion: the concepts themselves are important enough and there were enough real-live illustrations to back them up.

Maybe some examples of how things went wrong and how they were fixed on real-life software solutions would be nice as well. E.g. how a bank or hospital got hacked, how that compares to a nuclear reactor meltdown, and how they fixed it, etc. But again: no need for code IMO.

Ben Dechrai at 03:47 on 5 Jul 2017

I love talks that compare non-development aspects of life to development, as a way of analogising ways in which we can improve our processes. In this talk, Christopher discussed myriad risk management and failover processes involved in running a nuclear power plant, and suggested ways in which software developers could apply those principles to their work.

While the direction that the talk was taking was interesting, I was disappointed with the examples given in the application of those security principles. One example, to make sure passwords aren't reused across systems, is in my mind something that should be common-practice, not critically highlighted.

Given the narrative, educational style of describing nuclear power station safety and security, I would have enjoyed the story of development to be of a similar style. For example, rather than selecting check-list items of development security to talk about, perhaps find real-world stories about security issues, how they affected systems, and how they could have been avoided, and then bringing it back to the nuclear power plant analogy, to close the loop.

I encourage Christopher to build on this talk; it has great potential :)

Arnout Boks at 16:02 on 7 Jul 2017

I liked the approach of this talk, describing how safety principles in nuclear power plants and other real-life situations can apply to software. I think most of the principles were quite abstract (and sometimes well-known) though, and would have liked a more practical approach with some more in-depth examples. Also, I would love to see examples of how these principles apply to a more micro level (pieces of code rather than entire systems). I appreciate the calm and clear presentation style.