On a Saturday in June, after a third-party CT library failed to parse Chrome’s correctly formatted log list, hundreds of Android apps suddenly stopped working, affecting millions of users and potentially costing the impacted applications millions in lost revenue. This talk will discuss what happened, how we mitigated the issue, and the ongoing risks that this and other libraries pose to the CT ecosystem. We’ll also cover how we in Chrome are working to shake free of dependencies that risk Chrome’s ability to enforce CT.
Speaker
Joe DeBlasio is an engineering manager and tech lead on Chrome’s Security team. His team focuses on network security, including engineering and policy for Certificate Transparency, the Chrome Root Program, and TLS. Joe is interested broadly in finding ways to improve the security of the web as a whole, and holds a PhD in network security measurement from UC San Diego.