Defense in Depth, as learned from watching football
What do application security and football have in common? In both, an offense runs a variety of attacks to try to breach its opponent, and the defense is organized to prevent those attacks and minimize their impact. Football teams have three levels of defense, and within each level there are different positions with different specializations. This is the ultimate defense in depth strategy: coaches anticipate hundreds of likely plays in order to build a playbook of protection scenarios. By consistently practicing and preparing for those scenarios, defensive players are able to stop attacks early with minimal gain. Just as a well-coordinated defense keeps the opposing team from scoring, a robust application security strategy safeguards digital assets from cyberattacks. By understanding the parallels between maintaining secure code and football defense, developers can continue to create and maintain secure open source software.
While the talk will focus on the broader topic of application security and maintaining secure code, most of the storytelling will center on open source security. This includes discussing different open source vulnerabilities and how to apply defense in depth techniques to prevent future ones. No prior knowledge of football or application security is needed to attend this talk.