April 9, 2019 From rOpenSci (https://deploy-preview-488--ropensci.netlify.app/blog/2019/04/09/commcall-may2019/). Except where otherwise noted, content on this site is licensed under the CC-BY license.
“Security” can be a daunting, scary, and (frankly) quite often a very boring topic. BUT!, we promise that this Community Call on May 7th will be informative, engaging, and enlightening (or, at least not boring)!
Applying security best practices is essential not only for developers or sensitive data storage but also for the everyday R user installing R packages, contributing to open source, working with APIs or remote servers. However, keeping up-to-date with security best practices and applying them meticulously requires significant effort and is difficult without expert knowledge. On this Call you’ll hear about how the ropsec package can help you and you’ll learn the inner secrets of maintaining confidentiality, integrity, and availability throughout all your data science workflows.
100% of the contributors to this post agree this is a “must attend” event.
🔗 Agenda
- Stefanie Butland - Welcome (3 min)
- Bob Rudis - Zen and the art of ensuring confidentiality & integrity in analytics workflows (20 min)
- Ildi Czeller - Authorization vs authentication explained through signing commits: why you should do it and how
ropsechelps you do it the right way (15 min) - Q & A (20 min)
🎤 See speaker bios below.
🔗 Join the Call
🕘 Tuesday, May 7th, 11 AM PDT (find your timezone)
☎️ Find details for joining on our Community Calls page. Everyone is welcome. No RSVP needed.
🎥 After the Call, we’ll post the video and notes from the Q & A.
What do YOU want to know about security for R? Tell us in the comments below.
🔗 Resources
R-centric
notary- Signing & Verification of R Packages- rOpenSci unconf18 security projects: middlechild, defender, ropsec, keybase
- CRAN Mirror “Security”
- On Watering Holes, Trust, Defensible Systems and Data Science Community Security
Broader dev/datasci ecosystem
- It’s a FAKE (?)! Revisiting Trust In FOSS Ecosystems
- Keybase launches encrypted git
- Set up Keybase.io, GPG & Git to sign commits on GitHub
- An Introduction to Managing Secrets Safely with Version Control Systems
- 10 GitHub Security Best Practices (direct PDF link)
- How to set up two-factor authentication on all your online accounts
- Top 20 OpenSSH Server Best Security Practices
- Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship. (Tor project)
🔗 Speakers
Ildi Czeller is a passionate R user, has been an R learner for 4 years and she uses it in her work every day as a Data Scientist at Emarsys. As security is not a central part of her work she tries to learn the essential parts first and then move on to more advanced topics. Ildi occasionally tweets (@czeildi) and blogs (ildiczeller.com) and aspires to become an active contributor to open source.
Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7 where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avuncular, author (Data-Driven Security), speaker, and regular contributor to the open source community.
