<EPAM> 1/61
Verdon Kidd, Therac-25 and Nancy Leveson
<EPAM> 2/61
About me
— Vladimir Ivanov
— Designing mobile-centric solutions for a living
<EPAM> 3/61
We're in a disaster
<EPAM> 4/61
What is IT-Industry?
— The sum of companies providing information- and data-based products and services, plus the IT departments of other companies.
<EPAM> 5/61
What is great about our industry?
— We are growing despite Brexit, the US-China trade wars and others²
— Developers are paid far more than the minimum wage (3000 vs 330)³
— Remote work is conquering the world
3 https://www.iotforall.com/infamous-iot-hacks/
2 https://www.gartner.com/en/newsroom/press-releases/2019-01-28-gartner-says-global-it-spending-to-reach--3-8-trillio
<EPAM> 6/61
However
— Security is a disaster
— Quality is a concern
— Bad diversity and inclusion
<EPAM> 8/61
Security
— Data breaches potentially affected > 1 billion users in 2018
— New breaches happen literally every day
— Mobile application security has been a big concern since 2011
<EPAM> 10/61
<EPAM> 11/61
<EPAM> 12/61
N26
— Same app for verification
— Exposed secret information in the API
— All-powerful support
— No notification about secrets changes
<EPAM> 13/61
Luckily everything is fixed, but the impression...
<EPAM> 14/61
Firebase misconfiguration
— 2.6 million plaintext passwords and user IDs
— 4 million+ PHI records
— 25 million GPS location records
— 50,000 financial records including banking, payment and Bitcoin transactions
— 4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens.
<EPAM> 15/61
Vulnerabilities in Android
— The Download Provider allows access to all downloads (which can be used to hijack an OTA update)
— Access to protected data (like CookieData)⁷
7 https://ioactive.com/multiple-vulnerabilities-in-androids-download-provider-cve-2018-9468-cve-2018-9493-cve-2018-9546/
<EPAM> 16/61
IoT
<EPAM> 17/61
Top IoT hacks of 2018³
— Mirai botnet
— Jeep car hijacking
— Owlet Wi-Fi heart monitor for babies
— Tesla stealing⁴
— Teledildonics
4 https://www.theverge.com/2018/10/22/18008514/tesla-model-s-stolen-key-fob-hack-watch-video
3 https://www.iotforall.com/infamous-iot-hacks/
<EPAM> 18/61
<EPAM> 19/61
Conclusion #1: We don't pay enough attention to security.
<EPAM> 20/61
Quality
<EPAM> 21/61
<EPAM> 22/61
Business Insider
— Two popups
— 25% of content is visible
— The page restarts on accepting cookies
— Debug output on the page
<EPAM> 23/61
Frenchkit
<EPAM> 24/61
Twitter App
— Newsfeed still lags on Samsung S9
— 8 cores are still not enough for Twitter to scroll smoothly!
<EPAM> 25/61
Conclusion #2: Our apps are unstable, slow, creepy looking, lack functionality or become incredibly complex.
<EPAM> 26/61
Inclusion
<EPAM> 27/61
<EPAM> 28/61
If you lack diversity in your product teams, you're unable to build proper products
<EPAM> 29/61
Terms
— Inclusivity - ability of a group to include different people
— Diversity - property of a group including different people
<EPAM> 30/61
Gender diversity
— Because it affects everybody.
— It's not about social justice, wage gap, etc.
<EPAM> 31/61
Some stats
— Women occupy 7% of programming jobs in Russia, 20% in the USA⁵
— Stackoverflow.com audience is only 9% women⁶
6 https://www.ncwit.org/sites/default/files/resources/womenintech_facts_fullreport_05132016.pdf
5 Different sources, like https://www.ncwit.org/sites/default/files/resources/womenintech_facts_fullreport_05132016.pdf , https://habr.com/en/company/moikrug/blog/329018/
<EPAM> 32/61
More stats...
One large-scale study found that after about 12 years, approximately 50 percent of women had left their jobs in STEM fields—mostly in computing or engineering (Glass, Sassler, Levitte & Michelmore, 2013). As Figure 1.6 indicates, only about 20 percent of women working in other non-STEM professional occupations left their fields during the 30-year span covered by the study. Women in STEM also were more likely to leave in the first few years of their career than women in non-STEM professions.⁶
6 https://www.ncwit.org/sites/default/files/resources/womenintech_facts_fullreport_05132016.pdf
<EPAM> 33/61
Somehow we push away women
<EPAM> 34/61
<EPAM> 35/61
Death by a thousand cuts
https://speakerdeck.com/vixentael/a-death-by-thousand-cuts?slide=5
<EPAM> 36/61
<EPAM> 37/61
<EPAM> 38/61
<EPAM> 39/61
Some guys even claim the girls are weaker in logical thinking...
<EPAM> 40/61
Because they didn't win chess tournaments in the 20th century! Facepalm
<EPAM> 41/61
<EPAM> 42/61
<EPAM> 43/61
Conclusion #3: Despite having too few developers, we push away the group with the most potential, which is plain stupid
BTW, there are ageism, racial prejudice and other problems, but gender is a worldwide thing.
<EPAM> 45/61
If it's not enough...
https://tonsky.me/blog/disenchantment/
<EPAM> 46/61
Life is Suffering
<EPAM> 47/61
Amusement?
<EPAM> 48/61
Responsibility
<EPAM> 49/61
Slay a dragon!¹⁰
10 https://en.wikipedia.org/wiki/Princess_and_dragon
<EPAM> 50/61
But how?
<EPAM> 51/61
You make yourself strong, and knowledge and skill are your sword.
<EPAM> 52/61
Pass a security training
— https://training.cossacklabs.com/
— https://asap.kaspersky.com/en/
<EPAM> 53/61
Read a damn book!
— iOS Application Security¹⁵
— Android Security Internals¹⁶
— Serious Crypto by @veorq
— Cryptography Engineering by @schneierblog
16 https://nostarch.com/androidsecurity
15 https://nostarch.com/iossecurity
<EPAM> 54/61
Attend a damn course!
— On Udacity, for example¹¹
11 https://www.udacity.com/course/applied-cryptography--cs387
<EPAM> 55/61
Encourage women and underrepresented folks
— Cut the unacceptable behavior
— Give women a voice
— Help WomenWhoCode, WomenInTech, InfluenceHER and other communities
<EPAM> 56/61
Fight for quality
— Require a UX engineer
— Use dogfooding
— Do not hesitate to object
<EPAM> 57/61
Attend a damn course!
— On Udemy, for example¹²
12 https://www.udemy.com/sketchdesign/?altsc=381850
<EPAM> 58/61
So
— Take ownership of your product¹³
— Stand up for quality, security, inclusivity and other issues
— Learn
— Make the world around you a better place, at least not worse
13 https://www.amazon.com/Extreme-Ownership-U-S-Navy-SEALs-ebook/dp/B00VE4Y0Z2
<EPAM> 59/61
<EPAM> 60/61
Me
— https://twitter.com/vvsevolodovich
— https://medium.com/@dzigorium
— https://mobiusconf.com/cfp
<EPAM> 61/61