Slide 1

Oh, I Found a Security Issue

Slide 3

Who's an open-source maintainer?

Slide 4

Who uses Django?

Slide 5

Date: Tue, 4 Apr 2017 08:31:25 -0700 (PDT)
From: Tim Graham <*****@gmail.com>
To: django-announce
Subject: [django-announce] Django security releases issued: 1.10.7, 1.9.13, and 1.8.18

Today the Django team issued 1.10.7, 1.9.13, and 1.8.18 as part of our security process. These releases address two security issues, and we encourage all users to upgrade as soon as possible:

https://www.djangoproject.com/weblog/2017/apr/04/security-releases/

As a reminder, we ask that potential security issues be reported via private email to [email protected] and not via Django's Trac instance or the django-developers list. Please see https://www.djangoproject.com/security for further information.

Slide 6

Report to [email protected]

Slide 7

Assessing the reported issue

Slide 8

Fixing the issue

Slide 9

Confirming the fix

Slide 10

Pre-notification

Slide 11

Release

Slide 12

Announcement

Slide 13

How to apply this?

Slides 14–18

● Set up a reporting channel
● Monitor the reporting channel
● Fix the issue
● Release & announce
● Learn from it

Slide 19

OWASP Top 10 https://www.owasp.org/

Slide 20

Thank you! @m_holtermann