Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

Avatar for Scott J. Roberts Scott J. Roberts
February 24, 2014
Technology
350
3

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Avatar for Scott J. Roberts

Scott J. Roberts

February 24, 2014

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
1.4k
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
85
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
170
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
190
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
130
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
120
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
630
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
5.1k
Building Effective Threat Intelligence Sharing
Avatar for Scott J. Roberts sroberts
1
150

Other Decks in Technology

See All in Technology
protovalidate-es を導入してみた
Avatar for 弁護士ドットコム bengo4com
0
150
Dynamic Workersについて
Avatar for Yusuke Wada yusukebe
2
630
SIer20年! 培ったスキルがスタートアップで輝く時
Avatar for しゅういちろ shucho0103
0
740
AI駆動開発が変える、大規模開発の前提 ーHuman in the Loop から Human on the Loop へ / AIE2026
Avatar for Visional Engineering & Design visional_engineering_and_design
28
19k
実装は速くなった、レビューはどうする? ― 自身のレビューをAIで再現させるサーヴァントエンジニアリングのすゝめ / Implementation got faster. So what about reviews? — An invitation to Servant Engineering: Recreating your own code reviews with AI
Avatar for nrs nrslib
7
4.2k
PHP と TypeScript の型システム比較:AI 時代の「型」は誰のためにあるのか? #frontend_phpcon_do / frontend_phpcon_do_2026
Avatar for shogogg shogogg
1
260
DevOps Agentで始めるAWS運用 〜フロンティアエージェントが変える運用の現場〜
Avatar for nyankotaro nyankotaro
1
320
価格.comをAI駆動で全面刷新する ー 30年分の技術的負債を返し、次の30年の土台をつくる ー / AI Engineering Summit Tokyo 2026
Avatar for tkyowa tkyowa
50
56k
Agentic Defenseとともにセキュリティエンジニアが輝き続けるには / How Security Engineers Can Keep Excelling with Agentic Defense
Avatar for Yuji Oshima yuj1osm
0
130
Terraformモジュールは、なぜ「魔境」化するのか
Avatar for hayama hayama17
2
220
機械学習を「社会実装」するということ 2026年夏版 / Social Implementation of Machine Learning June 2026 Version
Avatar for Moe Uchiike(内池 もえ) moepy_stats
2
110
React、まだ楽しくて草
Avatar for uhyo uhyo
7
4.2k

Featured

See All Featured
My Coaching Mixtape
Avatar for mlcsv mlcsv
0
140
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
160
Groundhog Day: Seeking Process in Gaming for Health
Avatar for Sebastian Deterding codingconduct
0
200
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
310
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.4k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.8k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
Avatar for Tech SEO Connect techseoconnect
PRO
0
160
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
950
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
1
1.3k
Designing for Performance
Avatar for Lara Hogan lara
611
70k
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
2
390

Transcript

  1. ! To Defend Scott J Roberts Bad Guy Catcher Uses

    How

  2. this isn’t a sales pitch… but it is about using

    GitHub the product

  3. Our Goals • Use current tools & paradigms • Fast

    • Secure • Transparent to coworkers

  4. We live on GitHub (shocking!) • Writing code • Writing

    documentation • Having long running collaborative discussions • So why not incident response?

  5. Our Incident Process • Create an incident name • Create

    an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it

  6. Create an incident name • Two word names • First

    word is “actor” - to the extent we know • Second word is the incident • Initials should be unique

  7. Create an “Incident Branch”

  8. Add Incident Template

  9. Our Templates

  10. Our Templates

  11. Git Add, Commit, & Push

  12. Open a Pull Request

  13. Open a Pull Request

  14. “Run it down”

  15. “Run it down” • Using the Pull Request workflow for

    IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States

  16. Finalize and Merge

  17. it • We share GitHub security incidents with all Hubbers

    • This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust

  18. Quick Review 1. Create a branch 2. Add & fill

    out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge

  19. Wake Up,
 Go T o War