hink I’ve channeled some healthy paranoia into F5’s products.
Over the years, I’ve implemented authentication systems as well as authorization systems. When F5 developed BIG-IP version 9, I implemented the authentication system and I was responsible for the care and feeding of the underlying operating system. This was where I first learned how important it is to reduce the threat surface of a product.
Over the years, I have continued to be involved in many aspects of security on the BIG-IP while developing features. I introduced the first peer based code review tool into the company as well as the first threat model process.
Lately, all my time has been devoted to the security of TMOS on BIG-IP..
My goal with this blog is to expose the security research that we do here at F5.