Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Wake Up, Neo

Wake Up, Neo

The industry has it's problems: security, quality and inclusivity. And they are severe, and we are the ones who can made the change.

Vladimir Ivanov

August 09, 2019

More Decks by Vladimir Ivanov

Other Decks in Technology


  1. What is IT-Industry? — The sum of companies providing information

    and data based products and services added by IT- departments of other companies. <EPAM> 5/61
  2. What is great about our industry? — We are growing

    despite Brexit, the US - China trade wars and others2 — The developers are paid far from minimum wages(3000 vs 330) 3 — The remote style is conquering the world 3 https://www.iotforall.com/infamous-iot-hacks/ 2 https://www.gartner.com/en/newsroom/press-releases/2019-01-28-gartner-says-global-it-spending-to-reach--3-8-trillio <EPAM> 6/61
  3. However — Security is a disaster — Quality is a

    concern — Bad diversity and inclusion <EPAM> 8/61
  4. Security — Data breaches potentially affected > 1 billion users

    in 2018 — New breaches happen literally every day — Mobile application security is a big concern since 2011 <EPAM> 10/61
  5. N26 — Same app for verification — Exposed secret information

    in the API — All powerful Support — No notification about secrets changes <EPAM> 13/61
  6. Firebase misconfiguration — 2.6 million plaintext passwords and user IDs

    — 4 million+ PHI records — 25 million GPS location records — 50,000 financial records including banking, payment and Bitcoin transactions — 4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens. <EPAM> 15/61
  7. Vulnerabilities in Android — Download provider allows for accessing all

    downloads(which can be used to hijack OTA update) — Accessing protected data(like CookieData)7 7 https://ioactive.com/multiple-vulnerabilities-in-androids-download-provider-cve-2018-9468-cve-2018-9493- cve-2018-9546/ <EPAM> 16/61
  8. Top IoT hacks of 20183 — Mirai Botnet — Jeep

    car hijacking — Owlet wifi Heart Monitor for Babies — Tesla stealing4 — Teledildonic 4 https://www.theverge.com/2018/10/22/18008514/tesla-model-s-stolen-key-fob-hack-watch-video 3 https://www.iotforall.com/infamous-iot-hacks/ <EPAM> 18/61
  9. Business insider — Two popups — 25% of content is

    visible — The page restarts on accepting cookies — Debug output on the page <EPAM> 23/61
  10. Twitter App — Newsfeed still lags on Samsung S9 —

    8 cores are still not enough for twitter for smooth scroll! <EPAM> 25/61
  11. Conclusion #2: Our apps are unstable, slow, creepy looking, lack

    functionality or become incredibly complex. <EPAM> 26/61
  12. If you lack diversity in your product teams, you're unable

    to build proper products <EPAM> 29/61
  13. Terms — Inclusivity - ability of a group to include

    different people — Diversity - property of a group including different people <EPAM> 30/61
  14. Gender diversity — Because it affects everybody. — It's not

    about social justice, wage gap, etc. <EPAM> 31/61
  15. Some stats — Women occupy 7% of programming jobs in

    Russia, 20% in USA5 — Stackoverflow.com audience is only 9% women 6 6 https://www.ncwit.org/sites/default/files/resources/womenintechfactsfullreport_05132016.pdf 5 Different sources, like https://www.ncwit.org/sites/default/files/resources/womenintech_facts_fullreport_05132016.pdf , https://habr.com/en/company/moikrug/blog/329018/ <EPAM> 32/61
  16. More stats... One large-scale study found that after about 12

    years, approximately 50 percent of women had left their jobs in STEM fields—mostly in computing or engineering (Glass, Sassler, Levitte & Michelmore, 2013). As Figure 1.6 indicates, only about 20 percent of women working in other non-STEM professional occupations left their fields during the 30-year span covered by the study. Women in STEM also were more likely to leave in the first few years of their career than women in non-STEM professions.6 6 https://www.ncwit.org/sites/default/files/resources/womenintechfactsfullreport_05132016.pdf <EPAM> 33/61
  17. Conclusion #3 : Despite having insufficient developers we push away

    a group with most potential, which is plain stupid <EPAM> 44/61
  18. Conclusion #3 : Despite having insufficient developers we push away

    a group with most potential, which is plain stupid BTW, there are agism, race prejudice and other problems, but gender is a worldwide thing. <EPAM> 45/61
  19. Read a damn book! — iOS Application Security15 — Android

    Security Internals16 — Serious Crypto от @veorq — Cryptography Engineering от @schneierblog 16 https://nostarch.com/androidsecurity 15 https://nostarch.com/iossecurity <EPAM> 54/61
  20. Attend to a damn course! — On udacity for example11

    11 https://www.udacity.com/course/applied-cryptography--cs387 <EPAM> 55/61
  21. Encourage women and underrepresented folks — Cut the unacceptable behavior

    — Give women voice — Help WomenWhoCode, WomenInTech, InfluenceHER and other communities <EPAM> 56/61
  22. Fight for quality — Require a UX engineer — Use

    dogfooding — Do not hesitate to object <EPAM> 57/61
  23. Attend to a damn course! — In Udemy for example12

    12 https://www.udemy.com/sketchdesign/?altsc=381850 <EPAM> 58/61
  24. So — Get ownership for your product13 — Standup for

    quality, security, inclusivity and other issues — Learn — Make the world around you a better place, at least not worse 13 https://www.amazon.com/Extreme-Ownership-U-S-Navy-SEALs-ebook/dp/B00VE4Y0Z2 <EPAM> 59/61