SecAppDev 2026 lecture details
RTFR (Read The Bleeping RFC)
We’ve built the internet upon standards established decades ago, resulting in some considerable security consequences today. In this talk, Inti is revealing his RFC research playbook and will discuss some of his recent finds.
Wednesday June 3rd, 16:00 - 17:15
Room Lemaire
Add to calendar (ICS) Add to Google calendarAbstract
Our modern infrastructure is built upon outdated standards and ideas that still have unexpected security consequences today.
As developers and decision makers trust their assumptions, the importance of reading and understanding the full documentation of a technology is often neglected. In my talk, I will show that even the most basic assumptions are wrong.
Ironically being RFC-compliant sometimes exposes you to additional risks.
Key takeaway
Creating and maintaining standards is hard and small inaccuracies might result in huge mistakes in years from now. Compliant isn't always more secure!
Content level
Deep-dive
Target audience
Builders, breakers and anyone who's interested in hacking and RFC's
Prerequisites
None
Join us for SecAppDev. You will not regret it!
Grab your seat now
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
Security by default - A European perspective on cyber resilience
Deep-dive lecture by Freddy Dezeure in room Lemaire
Monday June 1st, 09:15 - 10:30
A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale—mapping NIS2, DORA, and Secure‑by‑Default principles to concrete controls, engineering processes, and tenant‑level protections
Key takeaway: Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure‑by‑Default engineering across cloud systems
How to (still) trick AI: Adversarial ML for Today
Introductory lecture by Katharine Jarmul in room Lemaire
Wednesday June 3rd, 11:00 - 12:30
There's many known (and still being discovered) attack vectors against deep learning models. In this session, we'll walk through some of the history of adversarial ML and deep learning and find what's changed and what's stayed the same.
Key takeaway: AI/DL models are inherently nondeterministic and have other properties that allow for old, new and interesting attacks.
SBOMs and their Role in Security
Deep-dive lecture by Alexios Zavras in room West Wing
Tuesday June 2nd, 09:00 - 10:30
A practical deep dive into SBOMs: what they are, how they’re built and used, and why they matter for modern software security, from vulnerability response and prioritization to supply‑chain risk and provenance touchpoints.
Key takeaway: Participants will learn about SBOMs, how to think about them in an end-to-end manner, and how to apply them to real security workflows.