BeanSec: The Aftermath

Thomas Ptacek | August 15th, 2006 | Filed Under: Gatherings, Uncategorized

BeanSec 1 apparently worked out well, much like the first ChiSec and NYSEC meetups. Expect exponential growth, guys, levelling out at around, uh, 30 people or so.

Co-host Chris Wysopal reports:

The place has comfy couches and yummy middle eastern appetizers. Seven people attended. It was a nice diverse group: a network security researcher from Lincoln Labs, a network administrator from Harvard’s network group, 2 developers from the Tor project, two folks from Veracode (including me) and Oliver Day.

We had the place mostly to ourselves for the first hour and a half. Then other people started trickling into the bar and the DJs started playing. The music was at a level where we could still talk comfortably. Overall it was a relaxing atmosphere.

Co-host Oliver Day adds:

I kicked off the discussion with my opinions of Simson Garfinkles ‘skepticism’ towards security research. Most of this stems from the comments made during Derek Bambauer’s last Berkman fellows talk.

Garfinkle’s labeling of security researchers as “extortionists” amused the group and his claim that the speakers at Blackhat don’t advance the state of the art baffled us all. The idea of making software companies liable was briefly discussed and discarded as an unworkable problem. We really should invite him to the next Beansec so he can illuminate us on these ideas.

The discussions then ranged from airport security (or lack thereof) to more policy related discussions such as liability of runinng Tor servers on Harvards network for research purposes. I think this was the most lively discussion of the night and we could have used some legal expertise (Phil Malone of the Berkman Center was invited and will hopefully show next time). Chris led a discussion on binary decompilation versus source code analysis. Around 9pm the DJs arrived and started to crank up the music really loud and thus ended the first ever Beansec. It was agreed that the venue was the right size and the 3 hour block was the right amount for the event.

I turned down the idea of setting up a mailing list but am reconsidering. I do want this to stay informal but agree (now) that it would be useful as a way to promote the event (which I obviously need to do a better job of).

I’ve beaten Oliver to it. If you want to talk to Chris W, Chris H, and Oliver about the next BeanSec, you can send mail to beansec-subscribe@sockpuppet.org.