Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How GitHub Uses GitHub to Defend GitHub
Search
Scott J. Roberts
February 24, 2014
Technology
360
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
How GitHub Uses GitHub to Defend GitHub
A talk I gave for a closed conference right around RSA 2014.
Scott J. Roberts
February 24, 2014
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
1.5k
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
89
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
170
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
200
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
130
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
120
Homemade Ramen & Threat Intelligence
sroberts
2
630
Introduction to Open Source Security Tools
sroberts
3
5.1k
Building Effective Threat Intelligence Sharing
sroberts
1
150
Other Decks in Technology
See All in Technology
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
200
攻撃者がいなくてもAIエージェントはインシデントを起こす
nomizone
0
170
Microsoft のサポートとフィードバック総まとめ
murachiakira
PRO
0
130
toB プロダクトから見たWAF
tokai235
0
260
“ID沼入口” - 基本とセキュリティから始める、考え続けるためのID管理技術勉強会 告知&イントロ
ritou
0
300
AI時代における最適なQA組織の作り方
ymty
3
260
AIをフル活用してオンコール機能のプロトタイプを2日で作った話 / Building an AI-Powered On-Call Prototype in Just Two Days
nari_ex
0
160
本当の”仕事”を手放せる未来が見えた
mu7889yoon
0
200
どうして今サーバーサイドKotlinを選択したのか
nealle
0
150
なぜ人は自分のプロジェクトを 「なんちゃってアジャイル」と 自嘲するのか
kozotaira
0
200
きのこカンファレンス2026_肩書きを外したとき私は誰か
yamasatimi
1
110
「勝手に広まる」人気 AI エージェントを爆速で作ろう!(AWS Summit Japan 2026講演資料)
minorun365
PRO
10
2.7k
Featured
See All Featured
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
170
Building a Scalable Design System with Sketch
lauravandoore
463
34k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
250
1.3M
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
190
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
310
Collaborative Software Design: How to facilitate domain modelling decisions
baasie
1
260
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
200
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.9k
How to Ace a Technical Interview
jacobian
281
24k
So, you think you're a good person
axbom
PRO
2
2.1k
YesSQL, Process and Tooling at Scale
rocio
174
15k
Google's AI Overviews - The New Search
badams
0
1.1k
Transcript
! To Defend Scott J Roberts Bad Guy Catcher Uses
How
this isn’t a sales pitch… but it is about using
GitHub the product
Our Goals • Use current tools & paradigms • Fast
• Secure • Transparent to coworkers
We live on GitHub (shocking!) • Writing code • Writing
documentation • Having long running collaborative discussions • So why not incident response?
Our Incident Process • Create an incident name • Create
an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it
Create an incident name • Two word names • First
word is “actor” - to the extent we know • Second word is the incident • Initials should be unique
Create an “Incident Branch”
Add Incident Template
Our Templates
Our Templates
Git Add, Commit, & Push
Open a Pull Request
Open a Pull Request
“Run it down”
“Run it down” • Using the Pull Request workflow for
IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States
Finalize and Merge
it • We share GitHub security incidents with all Hubbers
• This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust
Quick Review 1. Create a branch 2. Add & fill
out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge
Wake Up, Go T o War