Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

Other Decks in Technology

Transcript

  1. !
    To Defend
    Scott J Roberts
    Bad Guy Catcher
    Uses
    How

    View Slide

  2. this isn’t a sales pitch…
    but it is about using GitHub the product

    View Slide

  3. Our Goals
    • Use current tools & paradigms
    • Fast
    • Secure
    • Transparent to coworkers

    View Slide

  4. We live on GitHub (shocking!)
    • Writing code
    • Writing documentation
    • Having long running
    collaborative discussions
    • So why not incident
    response?

    View Slide

  5. Our Incident Process
    • Create an incident name
    • Create an incident branch
    • Apply the Incident Template
    • Open a Pull Request
    • “Run it down”
    • Finalize & Merge
    • it

    View Slide

  6. Create an incident name
    • Two word names
    • First word is “actor” - to
    the extent we know
    • Second word is the
    incident
    • Initials should be unique

    View Slide

  7. Create an “Incident Branch”

    View Slide

  8. Add Incident Template

    View Slide

  9. Our Templates

    View Slide

  10. Our Templates

    View Slide

  11. Git Add, Commit, & Push

    View Slide

  12. Open a Pull Request

    View Slide

  13. Open a Pull Request

    View Slide

  14. “Run it down”

    View Slide

  15. “Run it down”
    • Using the Pull Request workflow for IR:
    • Ties response directly to the code, such as fixes
    • Allows us to pull in relevant users & teams as
    necessary
    • Lets us categorize, organize, & track using
    Milestones, Labels, & States

    View Slide

  16. Finalize and Merge

    View Slide

  17. it
    • We share GitHub security incidents with all Hubbers
    • This helps us with a few things:
    • Raising OpSec awareness
    • Identifying & developing new features
    • Building user trust

    View Slide

  18. Quick Review
    1. Create a branch
    2. Add & fill out template
    3. Add, commit, & push
    4. Open a Pull Request
    5. “Run it down”
    6. Finalize & Merge

    View Slide

  19. Wake Up,

    Go T
    o War

    View Slide