Weeding out security bugs
Security bugs are routinely found in software that is shipped with the Debian OS. These bugs range from obscure bugs nobody thought about to common and recurring mistakes that open up our users' systems to attack.
The workshop will focus on showing how Debian developers can detect and fix these bugs themselves, demonstrating tools used and developed by the Security Audit Team.
It will also offer some insights on how to introduce security engineering into software development, so as to avoid bugs by following well-known practices such as minimum privileges, safe default configurations, fail safe, input validation, etc.
If all Debian developers applied these principles, the Debian OS would consequently have fewer security bugs, which would reduce the workload of the security team. Also, if Debian developers were able to spot troublesome software that requires careful review before uploading it to the distribution, we would keep a lot of immature, security-bug-ridden software out of the distribution.
The workshop's end goal is to give more power to developers based on past experiences as a way to improve security in the Debian OS.