The Decalogue(ish) of Contractual Security Sins presented at BSidesLjubljana 2019

by Sebastian Avarvarei


Summary: In today’s multi-sourced enterprise, your security is as good as your worst written contract. The bad news? I haven’t seen many well-written contracts so far… The good news? I’ve seen plenty of bad ones. Why is that good news? Because now I can tell you what are the Security contractual sins you should avoid, and how to avoid them. This presentation will take you through some of the most egregious Security mistakes I keep encountering in IT contracts and will offer solutions to avoid them. The presentation is targeted at both customers and providers of IT and Security services. Because better contracts mean happier business relations for both parties. And more profits. And better Security. (And yes, a Decalogue means 10. In practice, we found that there are quite a few more “sins”. Hence, the “ish” suffix in the title. Hope it will be forgiven.)