Subgraph was at OSCON 2011. The organizers of OSCON did an excellent job, and Portland is a beautiful city with very friendly people and great public transportation.
The conference was an opportunity to meet some amazing people. We had discussions with over 100 developers of web applications and all of them clearly expressed a need for a tool like Vega.
I spoke on open source and security during the IT Leader’s Summit.
It was almost an anthropological talk, making a case that open source and security have always fit naturally together. This is an idea that some people find counter-intuitive, so I began the story with Auguste Kerckhoffs and his important realization: security through obscurity is a bad assumption. The story continued with the modern-day necessity of sustained public scrutiny in the world of cryptography, and how this idea could, and should, be extended to software, especially security software.
The talk also covered the lesser-known history of the security research community, including anecdotes from my time running Bugtraq, the largest forum of security researchers on the Internet (50,000 members at its peak). This community, which has always been very open and collaborative, has produced much innovation that we rely on every day, innovation that has made its way into commercial solutions. With Kerckhoffs’ principle as a unifying theme, this is a story that is interesting for anyone, and I look forward to further sharing it.
The slides are available here:
http://www.subgraph.com/downloads/Subgraph-Kerckhoffs_Legacy-OSCON2011.pdf
We’ll definitely be back next year.
