It seems to be almost a weekly occurrence that another company makes the news headlines for being hacked and in the process disclosing sensitive user data and company secrets. These security meltdowns can cause catastrophic effects to the company in lost user trust and huge costs putting things right. A nuclear power plant is considered one of the most dangerous things mankind has built, yet they very rarely go wrong. The systems engineering that goes into making nuclear power plants safe is a fascinating topic to study but on the surface it seems entirely irrelevant to PHP developers. In this talk I'm going to show you how this level of safety is achieved, what happens when it goes wrong and then see what lessons we, as PHP developers, can learn from it to help us secure our applications from meltdown.

Comments

Comments are closed.

Kat Zien at 13:46 on 30 Sep 2017

Brilliant and enjoyable talk. Informative, and the advice given was easy to understand and clear examples were given.
Loved the analogy to the real world high-risk systems like nuclear power plants and aeroplanes, was awesome to hear more about how those systems are designed and operated and interesting to hear the failure stories too! The occasional jokes were great too (I won't be mindlessly clicking on alerts from now on haha).

The talk was well structured and Chris was well prepared. Kudos for staying completely calm despite losing the slides for a while!

Handled slight technical difficulties very well, and delivered a great speech.

A well structured talk with some good humour thrown in. The use of real world examples really helped to cement the concepts.

Daniel Powley at 14:03 on 1 Oct 2017

Very pleased I attended this, I plan to do an exercise with fault tree analysis in the near future. Lots of other good advice provided too.

Claire Gurman at 16:03 on 1 Oct 2017

Slightly ironic technology failure during the talk, but well handled and good real-world comparisons made to illustrate points.

Ben Plummer at 21:29 on 1 Oct 2017

Great talk that was clearly and confidently delivered. The different methods of analysis to display risks and highlight areas that can be mitigated was very interesting, amongst other things. A lot of useful points taken away from this talk.

Mike Lehan at 09:21 on 2 Oct 2017

An essential concept to learn about and a good example to use to teach security. The fault tree analysis was well mapped up to active web development; I thought the aircraft example worked well but would have been interesting to hear more examples of how independent systems could protect PHP security. Additionally, an extension of security from hackers is security from internal actors - I'd love to learn how nuclear power stations protect against that and if there's more we could learn!

Patrick Asare at 09:36 on 2 Oct 2017

A great talk. I found the fault tree analysis approach to security very insightful. Enjoyed all the analogies and examples.

Thomas Dutrion at 09:46 on 2 Oct 2017

Very interesting parallel between security in the industry and software security. I liked the idea of giving a security talks that's not about tools, checklists and processes, especially given the conference offered a few other options for these.

Dave Liddament at 20:15 on 2 Oct 2017

Interesting to learn about nuclear meltdowns how the how analysis to mitigate the risks and reduce the impact of such disasters can be applied to software.

I'm also impressed that despite requiring a full computer reboot the talk went on smoothly.

Martin Price at 20:26 on 2 Oct 2017

Great talk, I went in wondering whether the "Nuclear powered" aspect of the title would be a tenuous link to whatever computer security approaches were going to be discussed; however, I was pleasantly reassured by very coherent examples of security techniques used in the nuclear and aeronautical industries and how they can relate to software development.

Ronald D. at 12:20 on 3 Oct 2017

Good talk!