public/website
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Extending abstract

Browse source
This commit is contained in:
Michael Boelen 2024-10-24 17:46:01 +00:00
parent df204e4052
commit f0d46aab9a
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
content/evenementen/nluug/najaarsconferentie-2024/talks/eirik-overby-freebsd-and-the-absurdities-of-security-compliance.md
View file

@ -14,6 +14,12 @@ speakers:
Assume absurdity, embrace sanity. Welcome to The Blame Game.
The world of security compliance is defined by a few key players: The ones writing the requirements, the ones covering their asses, and the ones wholl be blamed in the end. Since about 2008 weve been firmly placed in the latter category, and despite the obvious downsides it is, really, where we prefer to be.
Security requirements pertaining to the payment industry include the various PCI standards, card system specific requirements, national and regional laws, regulations and directives, and whatever else comes to the minds of the various players. While there is sanity to be found in some of them, there is also plenty of absurdity. It is this, above all, that leads us to use the term "The Blame Game" about it all.
We do pretty much everything with FreeBSD. From routers (bsdrp) and firewalls (pfSense) to application- and database servers, were running FreeBSD everywhere. The only closed-source software we employ are our own applications (boo!). Our basic principle has always been to identify the root cause of a security requirement and then comply in a way that goes beyond "ticking the box"; whatever we do has to be useful and practical and not something were ashamed to talk about.
## Biography
Model 77, Slackware-gone-BSD in the early 00s, escaped the dying world of OS/2 to be doomed to death by Netcraft for another decade. Now managing jailed (but not dead!) systems for a living and as a hobby.