19–24 Jul 2024
America/Denver timezone

We Cannot Write Secure Applications

19 Jul 2024, 14:35
25m
250-Turnhalle | Track 1

25 Minute Presentation - In Person
Privacy and Security

Speaker

Michael Catanzaro (Red Hat)

Description

Humans are bad at writing secure code, and GNOME developers are no exception. GNOME is primarily written using unsafe programming languages where simple mistakes in our code lead to devastating consequences for our users, and we make these mistakes all the time. This talk will review several common programming errors in GNOME code and how to avoid them. But since we know we'll fail at that, we'll need the Flatpak sandbox to save users from the consequences of our mistakes. The Flatpak sandbox is incredible security technology, so why do we keep subverting it?

The GNOME and Flatpak communities must crack down on the widespread abuse of sandbox holes on Flathub and focus more on developing and improving our sandbox portals instead. Unsandboxed applications will never be safe, so it's time for GNOME distributors to move away from shipping traditionally-packaged applications and embrace Flatpak instead.

Author(s) Bio

Michael is a member of the GNOME release team and has been contributing to GNOME since 2013. He currently maintains Epiphany, GNOME Chess, and GNOME Sudoku. Michael also contributes to WebKit and Fedora Workstation.
