BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//pretalx.com//bsides-exeter-2026//speaker//8TLJXP BEGIN:VTIMEZONE TZID:GMT BEGIN:STANDARD DTSTART:20001029T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:GMT TZOFFSETFROM:+0100 TZOFFSETTO:+0000 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T020000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:BST TZOFFSETFROM:+0000 TZOFFSETTO:+0100 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-bsides-exeter-2026-WUWP3W@pretalx.com DTSTART;TZID=GMT:20260425T114000 DTEND;TZID=GMT:20260425T122000 DESCRIPTION:We’re often told "don't roll your own crypto" or "don't build your own auth." It’s great advice for most\, but it begs the question: What about the people who have to build the stuff everyone else relies on? When you’re developing the core libraries\, kernels\, or protocols that the rest of the world trusts\, "best effort" security testing is simply n ot enough.\n\nStandard tools like fuzzing and static analysis (SAST) are w orld-class at finding bugs\, but they are inherently reactive. They can te ll you that you have a vulnerability\, but they can never prove that you d on't. This raises the question of what we can\, and should\, do when we ne ed to go beyond the "find-and-patch" cycle.\n\nIn this talk\, I will expla in the ideas underlying widely used security testing techniques such as fu zzing and static analysis\, examining their strengths and weaknesses. This will be contrasted with a plain-English look at how formal verification\, which offers the promise of being "mathematically proven"\, allows us to show the absence of entire vulnerability classes. I will also discuss why "mathematically proven" isn't a silver bullet and address the practical li mitations of verifying complex systems.\n\nIf you’ve ever wondered how t he foundations of the internet are secured\, or if you are building a comp onent where a single bug constitutes a catastrophic failure\, this session will show you how to move beyond the "Whac-A-Mole" of bug hunting. DTSTAMP:20260501T070528Z LOCATION:Seminar Room 1 SUMMARY:When Pen Testing is Not Enough - Achim D. Brucker URL:https://pretalx.com/bsides-exeter-2026/talk/WUWP3W/ END:VEVENT END:VCALENDAR