Interview with Lukas

December 12, 2015

BSidesHH Logo

Interview with Lukas

So as promised here is another of our BSidesHH2015 interview blog posts

We’re happy to be speaking with Lukas Reschke, Security Lead with ownCloud

Lukas's picture

1. Lukas, what will your talk be about at BSidesHH2015?

I’ll talk about the security story behind the ownCloud open-source project. The ownCloud community got started in 2010 and develops a self-hosted file sync and share server.

Over the years ownCloud has evolved massively, now the server software itself is more of a platform that comes with apps. Developers from all over the globe have meanwhile written a ton of different apps so that ownCloud can act as a kind of secure place for all your data. (E-Mail / Calendar / Contacts / Files) Also there are now desktop and mobile synchronization clients for all widely used platforms.

While starting as a small project ownCloud is now also used by big enterprises and universities all over the world. To get to this state we had to increase the overall security level of our products massively and this talk will cover how and what that looks like.

2. What is the most important that participants should take away from your talk?

Lot’s of peoples are claiming ownCloud would be an insecure software because of all the vulnerabilities found within the product. They do however not realize that nearly all of the bugs are found by our internal security procedures. As an open-source company the disclosure of security issues is very important to us and we do not hide fixed security issues as other vendors tend to do.

As sad as it sounds, if ownCloud would not publish any details about security vulnerabilities found on their own most people would probably not complain at all. There seems to be the idea that “having issues” is bad. It certainly is. But even worse is not to discover and fix them. Each fixed security bug makes the software more secure.

3. Is it the first BSides you are speaking at?

That is correct. I’m from Switzerland and unfortunately Zurich doesn’t have a BSides event yet.

4. What are your expectations for BSidesHH2015? What do you personally hope to get out of it?

I’m very looking forward to meet other information security specialists and also get in an open discussion with them about how open-source projects should optimally handle security vulnerabilities. There are huge differences there as well and some projects do not disclose any issues publicly at all.

Also I’m excited to have an opportunity to reach out to new people that don’t know ownCloud at all as well as to adjust some wrong assumptions that some other people might have about the security of the ownCloud software.

5. To you: what does the owncloud idea and the BSides idea have in common?

ownCloud is one of the most welcoming and inclusive open-source projects that I have ever met. People are just nice to each other and work together on something that is fun to them. From knowing one of the organisers of BSidesHH I do absolutely expect the same to be true there as well.

read more about Lukas’s talk.

How to book tickets

You can book tickets to the conference, via our Eventbrite page.