Speaker Interview: Lars Kurth

Free/Open Source Software veteran Lars Kurth will be giving a couple of presentations at SCALE, including one on SCALE Sunday at 3 on "Are Today's FOSS Security Practices Robust Enough in the Cloud Era?" The SCALE Team caught up with Lars for some insight on this talk.

Q: Could you please introduce yourself and tell us a little about your background?

A: I have been around open source for a very long time, originally working on GNU and Eclipse. During that time, my focus was very much on development tools such as compilers, debuggers, build tools, IDEs, etc. I developed a deep passion for open source and community work, which eventually led me to take on Community Management for the Xen Project in 2011. Moving from tools to virtualization and IaaS was a little bit of a break with my past, and at that time the Xen community was going through some real challenges. One of the biggest challenges I faced then was that Xen was perceived as a Citrix-only project. We fixed this by convincing Citrix and other core contributors to Xen to move the project to the Linux Foundation in 2013. Since then, I have chaired and guided the Xen Project Advisory Board while still doing community work, writing the odd bit of code or documentation, evangelism/PR and writing the occasional article for the technology press about the Xen Project, Unikernels and Open Source Security. I am quite proud that I helped lead the Xen Project back onto the path of success, but of course the world changes all the time and new and interesting problems arise without much warning and need to be addressed. One of those problems is how to handle security vulnerabilities effectively in an open source set-up, which is why I put this presentation together.

Q: You're giving a talk on "Are Today's FOSS Security Practices Robust Enough in the Cloud Era?". Without tipping your hand on the actual talk, can you give us an idea of what we might expect?

A: Of course, the title of my talk is a rhetorical question and the answer is ... well you should really attend my talk ;) When I started to think about this talk, I realized that many people in open source (outside the security community) do not really have a lot of good information on how security issues are handled by various open source projects. This is particularly common for users of open source software. If you take a look at these practices, you come to realize the range of different practices out there is quite diverse. This has major implications for the security of your own software stack. Your security is only as strong as the weakest link in your stack. Compound this with the fact that there is more and more media coverage about security issues - often sensationalized - and it becomes increasingly hard for users to make any sensible judgements when it comes to security. I hope that my talk can help a little bit with this and give you the tools to make informed decisions. To make the talk more interesting than just a process and technology comparison, I will use fun analogies such as Zombies vs. Vulnerabilities, The Walking Dead vs. Security teams and a few others. And I will also draw on some of the stories and crises I have personally experienced while supporting the Xen Project Security team over the last few years.

Q: Is this your first visit to SCALE? If so, what are your expectations? If not, can you give us your impressions of the event?

A: I have attended and spoken at SCALE 10X and 11X and always loved the event! It's a great combination of developers, sysadmins and open source folks getting together. The event really always had a unique vibe. But as a European, going to both SCALE and FOSDEM has always been somewhat of a challenge. I am really looking forward to going to both events this year and seeing how SCALE and the communities participating in it have evolved.

SCALE Team interview by Michelle Klein-Hass