Security Vulnerabilities - A Story About Panic

Cory tells a tale of every open-source project's worst nightmare: a report of a serious security flaw in the software. Originally presented at DjangoCon EU 2015, Cardiff.

Cory Benfield

May 31, 2015

Transcript

  1. Panic

  2. Hi

  3. Me @lukasaoz @lukasa

  4. A Story

  5. CVE 2015-2296 A Story About Panic

  6. Act 1: The Distant Past (2014)

  7. None
  8. TO ACTION!

  9. ???

  10. 1. Contact Email

  11. 2. GPG Keys 90DC AE40 FEA7 4B14 9B70 662D F25F 2144 EEC1 373D

  12. Good Enough?

  13. Act 2: The Distant Now

  14. Credit: Rachel Kramer https://www.flickr.com/photos/rkramer62/15877419359

  15. None
  16. 3. Lots of Detail

  17. None
  18. None
  19. None
  20. None
  21. None
  22. Move Too Fast

  23. None
  24. None
  25. 4. No Weekends

  26. 5. Get a CVE

  27. 6. Warn Downstream

  28. 7. Identify Versions

  29. 8. Policy

  30. docs.python-requests.org/en/latest/community/vulnerabilities/

  31. None
  32. Thanks! ✨✨