How GitHub Uses GitHub to Defend GitHub

Ded29c7918dce50c65131df03c769004?s=47 Scott J. Roberts
February 24, 2014
Technology
3
200

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Ded29c7918dce50c65131df03c769004?s=128

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Ded29c7918dce50c65131df03c769004?s=48 sroberts
2
150
Ded29c7918dce50c65131df03c769004?s=48 sroberts
2
3.9k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
61
Ded29c7918dce50c65131df03c769004?s=48 sroberts
0
55
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
140
Ded29c7918dce50c65131df03c769004?s=48 sroberts
3
2.6k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
5
810
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
11k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
2
750

Other Decks in Technology

See All in Technology
81603b1fb3b31483780be0700ed183e8?s=48 gabidavila
0
230
E4e01fb8b7105e61e3876224139503ab?s=48 niw
10
450
41088d50c95ab57359a3cb56988cfec7?s=48 ngyt
1
350
55c9804c185f493816433678393cbe92?s=48 sumihiro3
0
160
Ae4ace6ba2b695fd37e4121faef66b43?s=48 katsushun89
0
210
5af8e5bd2f24e4ea0cee732c6cc259b3?s=48 haruharuharuby
0
320
53e2d354b3299d64a54af680865516d5?s=48 satotakeshi
3
400
0f993881fa8709dbe986bcade6c1fbad?s=48 satonaoki
0
120
Cb88f765dd38cd942c39aacb5abbea06?s=48 ufoo68
0
110
74cec195bfb6cb5165256d88cb7fcf0f?s=48 miu_crescent
5
1k
26173c2f52b5aa5d06e6806c7a9478d3?s=48 laprasdrum
0
530
706ff501573a736401aa4de5adc88e05?s=48 nihonbuson
5
1.9k

Featured

See All Featured
C1daf20e5c49ff910745198ef9869ac2?s=48 hatefulcrawdad
257
16k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
83
4.6k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
105
9.5k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
51
3.9k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
112
24k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
436
28k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
164
18k
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
52
1.8k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
101
4.8k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.7k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
55
5.2k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
175
14k

Transcript

  1. ! To Defend Scott J Roberts Bad Guy Catcher Uses

    How

  2. this isn’t a sales pitch… but it is about using

    GitHub the product

  3. Our Goals • Use current tools & paradigms • Fast

    • Secure • Transparent to coworkers

  4. We live on GitHub (shocking!) • Writing code • Writing

    documentation • Having long running collaborative discussions • So why not incident response?

  5. Our Incident Process • Create an incident name • Create

    an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it

  6. Create an incident name • Two word names • First

    word is “actor” - to the extent we know • Second word is the incident • Initials should be unique

  7. Create an “Incident Branch”

  8. Add Incident Template

  9. Our Templates

  10. Our Templates

  11. Git Add, Commit, & Push

  12. Open a Pull Request

  13. Open a Pull Request

  14. “Run it down”

  15. “Run it down” • Using the Pull Request workflow for

    IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States

  16. Finalize and Merge

  17. it • We share GitHub security incidents with all Hubbers

    • This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust

  18. Quick Review 1. Create a branch 2. Add & fill

    out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge

  19. Wake Up,
 Go T o War