A historical analysis of the security maturity of OpenSSH presented at bsidesperth 2017

by Matt Jones,

Summary : In this presentation, Matt will look at the security history of OpenSSH - software that has had high security requirements and exposure due to it being an integral part of computer systems worldwide for the past 17 years.A detailed analysis of previous security vulnerabilities will be performed, looking at the trends in vulnerability research and the eras of vulnerability classes over the years. Further to this, a review for how OpenSSH has steadily matured its security and incorporated defensive measures to combat attacks and make itself resilient to threats will be presented.A portion of the talk will look at the core concepts to generalise the key offensive and defensive principles to everything we see today. In particular, as platform, framework, and application security is constantly evolving, what are the core concepts and approaches for us to understand well and share with others to help evolve application security collectively?