As some of you may have seen, a social media plug-in to our encrypted Conference registration system had some of our attendees concerned we were collecting Twitter passwords in our databases.
RSA Conference 2016 has not and will not collect or store attendee Twitter password information during its Conference registration process. The “Tweet this” functionality on our encrypted registration page uses a Twitter-approved API to authenticate users and allow them to socialize their attendance at RSAC. Although media has speculated RSAC was not using OAuth, the API does in fact use OAuth to authenticate with Twitter. The only information RSA Conference receives is a response back from Twitter regarding the success or failure of a post.
We do understand the concern caused by asking users to input their Twitter information on our site rather than sending them to Twitter directly and, to avoid further concerns, RSA Conference has turned off this API and will not be using it moving forward.
Some of you used this feature for its intended purpose – to meet and connect with fellow attendees – and received some negative feedback online for it. Such feedback is regrettable and against the spirit of the RSA Conference.
Since our inception in 1991, RSA Conference has been – and continues to be – an industry gathering of the brightest minds in security, diverse in experience, built upon the idea of a free-flowing discourse to better serve information security as a whole.
As the information security community, our collective job should be to help, not embarrass, one another. A core element of the RSA Conference is education. Not everyone who attends is a CSO or CISO. Some want to better educate themselves or have found themselves in an IT position that incorporates security as part of their day-to-day management.
As a large industry event, we can take criticism when we make a misstep and welcome that dialogue – but we hope our community will stop faulting the individuals who used a communication offering we provided.