Safety vs Security: A Tale of Two Updates
When developing a product, safety and security usually go along nicely : Both want a product that has no remaining bugs.However, once the product is out, the constraints of safety and security tends t …
| Talk Title | Safety vs Security: A Tale of Two Updates |
| Speakers | Jeremy Rosen (Expertise manager, Smile.fr) |
| Conference | Open Source Summit + ELC Europe |
| Conf Tag | |
| Location | Lyon, France |
| Date | Oct 27-Nov 1, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
When developing a product, safety and security usually go along nicely : Both want a product that has no remaining bugs.However, once the product is out, the constraints of safety and security tends to be very contradictory. Safety tend to avoid updating the product, whereas security wants the exposure window to be as small as possible.The embedded ecosystem always had a culture heavily influenced by safety, and this is one of the few places where product owners will say “no” to security if they are not confident that it won’t compromise safety.This talk will analyze the two philosophies, based on Jeremy Rosen’s experience interacting with safety engineers, security officers, and various product owners and project managers.Once the pain points are understood, the talk will discuss how to mitigate them, either through an architectural approch or by giving talking points to present the safety constraints to a security officer and the security constraints to a safety engineer.
