Sunday, March 6, 2016

The interesting things from RSA are what didn't happen, and containers are sandwiches

The RSA conference is done. It was a very long and busy show; there were plenty of interesting people there and lots of clever ideas and things to do.

I think the best part is what didn't happen, though. We love talking about the exciting things from the show, but I'm going to talk about the unexciting non-events I was waiting to happen (thankfully they did not).

The DROWN issue came and went. It wasn't very exciting; it got the appropriate amount of attention. Basically SSLv2 is still broken, so don't use it for any reason. If you use SSLv2, it's like licking the handrail at the airport. Nobody is going to feel bad for you.

There were keynotes by actors. The world continues to turn (pun intended). But really, these keynotes are about being entertaining. I didn't go because, well, they're actors :) But I suspect they were entertaining. No doubt this will happen more and more as there are more and more security conferences; finding good keynotes will only get harder. They should hire that guy from the Hackers movie next.

There weren't any exciting hacking events. Not that stunt hacking is a thing for RSA; I'm glad nobody tried anything new. I'm sure Black Hat will be a very different story. We shall wait and see.

And most importantly, I wasn't booed off the stage :P
I was pleased with how my talk went. Attendance was light, but that's expected on a Friday morning. The thing that made me the happiest is that they had to kick our group out of the room for the next talk, not because I rambled on but because I got everyone in the room talking to each other. It was fantastic.

On to the interesting bit of the trip, though. I found the most interest when I was talking about Red Hat's concept of a trusted container registry. Today, if you're using the public registry, it's comparable to finding a sandwich on a bench at the park. You can look at it, you can tell it has ham and lettuce, but I mean, it's a sandwich you found on a bench. Are you going to eat that?

If you want a nice sandwich you're going to go to a sandwich shop, order a sandwich, and watch someone make it for you. You can then go and sit on the bench if you want.

The idea behind Red Hat's trusted registry is that we have a container registry for Red Hat customers. We control all the content in the registry, we know exactly what it is, and we know where it came from. We control the sandwich supply chain from start to finish. No mystery meats here!

All the security people I talked to know that containers are currently a bit of a security circus. None of them knew what Red Hat was doing. This is of course a great opportunity for Red Hat to spread the word. Stay tuned for more clever sandwich jokes.