Black Hat: Parisa Tabriz, a director of engineering at Google and head of the web giant’s Project Zero bug-hunting squad, today opened this year’s Black Hat USA conference with a reminder that partying is key to securing software. There’s more to it than that, of course: clear goals and targets have to be set, management and staff have to be in agreement and reading from the same page, and the root causes of bugs need to be identified and addressed rather than sticking plaster slapped over holes.

Writing secure code and protecting systems is an arduous task, so employees need to stay motivated – and celebrating successes regularly, with a little party or two, encourages folks to get things done. Oh, and don’t be distracted by fads like blockchain databases…

“Blockchain is not going to solve security problems,” she told the crowd, much to the chagrin of vendors who have signs up in the expo hall proclaiming the opposite. “We have made great strides in the past decade, but the threat landscape is becoming increasingly complex and our current approach is insufficient.” By way of example, she discussed Google’s four-year project, completed in July, to have Chrome label non-HTTPS webpages as insecure.

There was significant pushback when the naming’n’shaming move was proposed; however, by setting out clear goals and working to get management to buy into it, the project was launched. The Googlers working on the move even held a poetry slam to write haikus describing where they wanted to go, including this gem: By 2015, a section detailing the push was added to and developed on the Chromium wiki.

This was used to push the case to management to make the switch. Each milestone was celebrated within the team, sometimes as simple as baking a cake and having a bit of a party.