Oh, I Found a Security Issue (PyCon CA 2017)

Markus H
November 18, 2017


Transcript

  1. Oh, I Found a Security Issue

  2. • •

  3. Who's an OpenSource maintainer?

  4. Who uses Django?

  5. Date: Tue, 4 Apr 2017 08:31:25 -0700 (PDT)
     From: Tim Graham <*****@gmail.com>
     To: django-announce <django-announce@googlegroups.com>
     Subject: [django-announce] Django security releases issued: 1.10.7, 1.9.13, and 1.8.18

     Today the Django team issued 1.10.7, 1.9.13, and 1.8.18 as part of our security process. These releases address two security issues, and we encourage all users to upgrade as soon as possible: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/

     As a reminder, we ask that potential security issues be reported via private email to security@djangoproject.com and not via Django's Trac instance or the django-developers list. Please see https://www.djangoproject.com/security for further information.

  6. Report to security@djangoproject.com

  7. Assessing the reported issue

  8. Fixing the issue

  9. Confirming the fix

  10. Pre-notification

  11. Release

  12. Announcement

  13. How to apply this?

  14. • Setup reporting channel

  15. • Setup reporting channel • Monitor reporting channel

  16. • Setup reporting channel • Monitor reporting channel • Fix the issue

  17. • Setup reporting channel • Monitor reporting channel • Fix the issue • Release & Announce

  18. • Setup reporting channel • Monitor reporting channel • Fix the issue • Release & Announce • Learn from it

  19. OWASP Top 10 https://www.owasp.org/

  20. Thank you! @m_holtermann