Oh, I Found a Security Issue (PyCon CA 2017)

Transcript

1. Oh, I Found a Security Issue

2. • •

3. Who's an OpenSource maintainer?

4. Who uses Django?

5. Date: Tue, 4 Apr 2017 08:31:25 -0700 (PDT) From: Tim

   Graham <*****@gmail.com> To: django-announce <[email protected]> Subject: [django-announce] Django security releases issued: 1.10.7, 1.9.13, and 1.8.18 Today the Django team issued 1.10.7, 1.9.13, and 1.8.18 as part of our security process. These releases address two security issues, and we encourage all users to upgrade as soon as possible: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/ As a reminder, we ask that potential security issues be reported via private email to [email protected] and not via Django's Trac instance or the django-developers list. Please see https://www.djangoproject.com/security for further information.

6. Report to [email protected]

7. Assessing the reported issue

8. Fixing the issue

9. Confirming the fix

10. Pre-notification

11. Release

12. Announcement

13. How to apply this?

14. • Setup reporting channel

15. • Setup reporting channel • Monitor reporting channel

16. • Setup reporting channel • Monitor reporting channel • Fix

    the issue

17. • Setup reporting channel • Monitor reporting channel • Fix

    the issue • Release & Announce

18. • Setup reporting channel • Monitor reporting channel • Fix

    the issue • Release & Announce • Learn from it

19. OWASP Top 10 https://www.owasp.org/

20. Thank you! @m_holtermann