Everything Open 2026 – Day 1 – Morning

Breaking to Build: What Security Teaches Us About Openness by Kylie McDevitt

  • Works in Security. Founder of company called Infosec
  • Vulnerability research, Linux devices, Organising various Security events and Confs
  • Why Breaking things matter
    • You can only improve what you can say, security and openness both rely on clarity
  • IoT Code of Practice – 13 Principles, released 2020
  • Code of Practice Project
    • Test approx 50 consumer IoT devices
    • Goal: Practical evidence-based vendor advice
    • Focus common patterns, not single vendor
    • Cameras, doorbells, tops, smart speakers, home automation devices
  • Testing Methodology
    • DUT = Device under test
    • Dynamic analysis of DUT. How it boots, what it seems to do, contact, etc
    • Firmware acquisition
    • Dynamic and static analysis of Firmware
    • Triage results, Look for interesting results to follow further
    • Create exploit to “prove harm”
  • Dynamic Analysis
    • Look at network traffic. websites it connects to. s3 buckets
    • Port scans (may change at different stages)
    • Obtain console access
    • http MITM if poss
  • Firmware acquisition
    • Meta: Had some computer problems here. Unable to record notes
  • Assumptions that break everything
    • Trusted Firmware Sources
    • Local-Only Interfaces
    • One-way trust relationships
    • Hidden features never removed from production
  • What Breaking Teaches Us
    • Patterns show where to focus
    • Fragile assumptions are the real threat
    • Feedback loops make Systems Stronger
      • Clear, constructive guidance for vendors
  • Openness
    • Sharing, Reproducible results, Community standards, Public Education – all feed off each other
    • Intersect Government, Community and Industry
  • Looking Forward
    • Systems are getting more complex going forward
    • More attack surfaces
    • More reliance on shared codebases ( frameworks, open source, vendor common code )
    • Great need for open collaborative defence
  • How we keep improving
    • Keep breaking things – systematically and legally
    • Keep sharing what we have learned
    • Keep building community capacity
    • Keep helping each other succeed
  • “Breaking is the first Step, Understanding is the second, Sharing is what makes the ecosystem stronger”

Encouraging democratic participation with software by Vanessa Teague

  • Slides downloadable
  • Democracy Developers – https://www.democracydevelopers.org.au/
    • Build software that supports democracy
    • Australian based but works worldwide
  • What projects can we do we’d be proud of?
    • Get people of social media and engaging more effectively
    • Inoculate people against misinformation
    • A politician asks a question prompted by a user of our software
  • Projects they have tried
  • Ask Parliament
    • List of questions for MPs or that MPs could ask at committees
    • People could up-vote or down-vote. Show which questions were popular (and media etc could pick up)
    • Never really took off. On the backburner
  • Age Verification Feedback Form that messaged Politicians
    • https://ageofreason.democracydevelopers.org.au/
    • Whole bill was rushed so not really time for it to get live
    • Working to expand it more generally
    • Has a better system to find representatives based on address compared to official site
    • Q: Is this too late in the process to influence actual changes?
  • Explain That Election
    • Note quite live
  • Where did my STV vote go?
    • https://vote.andrewconway.org/
    • Data only available in some areas/elections
    • You put in a sample vote ordering and you can see how that vote was shuffled in that election though the various rounds.
Share