Session: Thursday, November 7, 10:30am – 11:15am

Speaker: Pawel Dawidek, Co-founder and CTO, Fudo Security

Abstract: Trust and security are mutually exclusive. We use the word “trust” when we are unable to verify, whether because it’s impossible or not feasible. It is time our industry acknowledges this and begins closing that gap.

The cybersecurity maturity process can be broken down into the following stages:

  • Stage 0: Trust everyone – unencrypted protocols like FTP, rlogin, and HTTP are common.
  • Stage 1: Defend against outsider threats – firewalls, authentication systems, encrypted protocols, antiviruses.
  • Stage 2: Defend against insider threats – Privileged Access Management (PAM), Data Leak Prevention (DLP), antimalware, Mobile Device Management (MDM).
  • Stage 3: Address supply chain threats – open-source, reproducible builds.

We are currently at Stage 3, but there is still a long way to go.

I would like to present how our company is transitioning from a closed-source vendor to one where our products are fully verifiable.

There are many aspects to consider, from broader challenges like intellectual property (IP) protection and licenses that allow for open-source but not free-source use, to technical challenges involving cloud providers, reproducible builds, transparent releases, and components that cannot be open-sourced.

Just as strong cryptography, bug bounty programs, and responsible disclosure processes have become the norm, we strongly believe vendor transparency should be, and will be, a standard practice.

Speaker Bio: Pawel Dawidek is the co-founder and CTO of Fudo Security, where he is dedicated to delivering the most secure PAM solutions. With over 25 years of experience, Pawel has worked on both closed-source cybersecurity solutions and contributed to open-source projects like FreeBSD and OpenZFS. Personally, he is the father of two ‘cyberbrothers’ and a passionate Brazilian Jiu-Jitsu practitioner.