Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Vulnerabilities - A Story About Panic

Cory Benfield
May 31, 2015
Programming
0
190

Security Vulnerabilities - A Story About Panic

Cory tells a tale of every open-source project's worse nightmare: a report of a serious security flaw in the software. Originally presented at DjangoCon EU 2015, Cardiff.

Cory Benfield

May 31, 2015
Tweet

More Decks by Cory Benfield

See All by Cory Benfield
Simplicity is a Feature
lukasa
2
560
You Don't Care About Efficiency
lukasa
1
270
Hyperactive: HTTP/2 and Python
lukasa
1
140
Project Calico: A Pure Layer 3 Approach to Virtual Networking
lukasa
2
370
A Deep Dive into Python Requests
lukasa
9
2.7k
HTTP/2: Because The Web Was Too Easy
lukasa
0
670

Other Decks in Programming

See All in Programming
Kotlin 2.0을 통해 알아보는 코틀린의 미래
dalinaum
1
1.6k
Composing a Design System
stewemetal
0
170
LINEBotCourse.pdf
maguroalternative
0
110
How does the Relay connect Android app development and Design?
horie1024
1
290
M5Stack用の指紋認証デバイスを試す
ufoo68
0
120
The Resurrection of 
the Fast Parallel Test Runner
koic
1
3.2k
デザイナーと協業しているNuxtプロジェクトを、ChromaticによるVRTでさらに改善した話
mozu1206
0
260
Mitigate Attacks on your PHP Supply Chain
dunglas
2
560
Micro Frontends for Java Developers - Devoxx UK 2023
mraible
PRO
1
210
Let's write RBS!
pocke
0
1.7k
Kotlin Multiplatform Library 배포하기
fornewid
0
200
シン・リッチエディタ徹底解説
microcms
1
460

Featured

See All Featured
Bash Introduction
62gerente
602
210k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
9
780
Writing Fast Ruby
sferik
613
58k
A Tale of Four Properties
chriscoyier
149
21k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.5k
Making Projects Easy
brettharned
102
5k
Building Flexible Design Systems
yeseniaperezcruz
315
35k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.7k
Git: the NoSQL Database
bkeepers
PRO
420
60k
Practical Orchestrator
shlominoach
179
9.1k
Making the Leap to Tech Lead
cromwellryan
118
7.8k
Why Our Code Smells
bkeepers
PRO
327
55k

Transcript

  1. Panic

    View Slide

  2. Hi

    View Slide

  3. Me
    @lukasaoz
    @lukasa

    View Slide

  4. A Story

    View Slide

  5. CVE 2015-2296
    A Story About Panic

    View Slide

  6. Act 1: The
    Distant Past
    (2014)

    View Slide

  7. View Slide

  8. TO ACTION!

    View Slide

  9. ???

    View Slide

  10. 1. Contact Email

    View Slide

  11. 2. GPG Keys
    90DC AE40 FEA7 4B14 9B70 662D F25F 2144 EEC1 373D

    View Slide

  12. Good Enough?

    View Slide

  13. Act 2: The
    Distant Now

    View Slide

  14. Credit: Rachel Kramer https://www.flickr.com/photos/rkramer62/15877419359

    View Slide

  15. View Slide

  16. 3. Lots of Detail

    View Slide

  17. View Slide

  18. View Slide

  19. View Slide

  20. View Slide

  21. View Slide

  22. Move Too
    Fast

    View Slide

  23. View Slide

  24. View Slide

  25. 4. No Weekends

    View Slide

  26. 5. Get a CVE

    View Slide

  27. 6. Warn
    Downstream

    View Slide

  28. 7. Identify
    Versions

    View Slide

  29. 8. Policy

    View Slide

  30. docs.python-requests.org/en/latest/
    community/vulnerabilities/

    View Slide

  31. View Slide

  32. Thanks!
    ✨✨

    View Slide