Presentation: Small Is Beautiful: How to Improve Security by Maintaining Less Code
This presentation is now available to view on InfoQ.com
What You’ll Learn
- Find out what some of the security vulnerabilities usually present in products are.
- Learn how to fix these vulnerabilities and how to avoid them.
Abstract
Project Zero has reported over 1500 vulnerabilities in commonly used software, including Windows, Android, iOS, browsers and many others. A common factor in many of these vulnerabilities is unnecessary attack surface. This presentation explains several causes of unnecessary attack surface and how to avoid them. It includes examples of vulnerabilities reported by Project Zero and explains how developers can prevent similar bugs.
Please introduce yourself.
I'm Natalie Silvanovich and I'm on a team called Project Zero at Google. Our team's mission is to make zero day vulnerabilities less accessible to attackers. The biggest thing I do is find vulnerabilities so that they can be fixed so that they're not available to attackers. And I've done this in all sorts of targets: all the browsers and things like Adobe Flash and messaging clients. Altogether in the past five years our team has found over a thousand bugs, a really large number. As we've looked at all those vulnerabilities there seem to be some things they have in common and a very common cause of vulnerabilities is unnecessary attack surface. So there'll be a feature that is not being used or maybe not being used in the context that's causing the vulnerabilities. That's putting the users at risk with no benefits. My goal in this talk is to share some of these vulnerabilities and look at why the code is necessary. I'm hoping that people will learn a bit about the importance of getting your code base clean. It doesn't just make things easier, it can also have a big security benefit.
Who's the target? Are you talking to developers, architects, leadership?
I would say all of them. For developers it is useful to understand that on the level of your code base why is it important to get rid of code you aren't using. But also from the architect's perspective there are lots of examples where there is some code that's high risk that was intended to be used in a local context, but designed to make it available in a remote context. There are lots of opportunities for secure design that reduces the risk that components get exposed to high risk interfaces. A lot of this stuff requires leadership support, it requires people being given the time and resources to make projects that reduce attack surface. So I think it's important to everyone involved in this lifecycle.
When you're talking about some of the vulnerabilities like the attack surface, are you talking about box diagrams or code samples?
There is a whole spectrum. There are some bugs where I'll be explaining, this is the line of code and this is how it got in. When I'm starting the talk I'll explain that in detail so people get the concept of what are these bugs, how did they cause security problems, and then as I go through the talk I move to a much higher level. For example, this was a similar bug, and it happened because someone didn't sync the change to another branch, and to explain how when these fundamentals are not respected bad things can start happening. I would say 20% are code-level examples, 80% are more general.
What do you want someone to learn from your talk?
I want them to say, OMG, I am deleting a bunch of stuff tomorrow.