Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How GitHub Uses GitHub to Defend GitHub
Search
Scott J. Roberts
February 24, 2014
Technology
3
320
How GitHub Uses GitHub to Defend GitHub
A talk I gave for a closed conference right around RSA 2014.
Scott J. Roberts
February 24, 2014
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
6
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
100
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
84
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
51
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
30
Homemade Ramen & Threat Intelligence
sroberts
2
520
Introduction to Open Source Security Tools
sroberts
3
4.9k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
110
Other Decks in Technology
See All in Technology
SpannerとAurora DSQLの同時実行制御の違いに想いを馳せる
masakikato5
0
560
PHPでアクターモデルを活用したSagaパターンの実践法 / php-saga-pattern-with-actor-model
ytake
0
1k
チームの性質によって変わる ADR との向き合い方と、生成 AI 時代のこれから / How to deal with ADR depends on the characteristics of the team
mh4gf
4
320
パスキー導入の課題と ベストプラクティス、今後の展望
ritou
7
1.2k
DevinはクラウドエンジニアAIになれるのか!? 実践的なガードレール設計/devin-can-become-a-cloud-engineer-ai-practical-guardrail-design
tomoki10
3
1.3k
大規模プロジェクトにおける 品質管理の要点と実践 / 20250327 Suguru Ishii
shift_evolve
0
270
頻繁リリース × 高品質 = 無理ゲー? いや、できます!/20250306 Shoki Hyo
shift_evolve
0
150
Restarting_SRE_Road_to_SRENext_.pdf
_awache
0
150
技術好きなエンジニアが _リーダーへの進化_ によって得たものと失ったもの / The Gains and Losses of a Tech-Enthusiast Engineer’s “Evolution into Leadership”
kaminashi
0
200
AIエージェントキャッチアップと論文リサーチ
os1ma
6
1.1k
Reactを段階的に覗いてみる
ytaisei
2
940
お問い合わせ対応の改善取り組みとその進め方
masartz
1
300
Featured
See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Designing for humans not robots
tammielis
250
25k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
22
2.6k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
51
2.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
31
4.7k
Unsuck your backbone
ammeep
670
57k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
118
51k
Visualization
eitanlees
146
15k
Thoughts on Productivity
jonyablonski
69
4.5k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
28
2k
How to Ace a Technical Interview
jacobian
276
23k
Transcript
! To Defend Scott J Roberts Bad Guy Catcher Uses
How
this isn’t a sales pitch… but it is about using
GitHub the product
Our Goals • Use current tools & paradigms • Fast
• Secure • Transparent to coworkers
We live on GitHub (shocking!) • Writing code • Writing
documentation • Having long running collaborative discussions • So why not incident response?
Our Incident Process • Create an incident name • Create
an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it
Create an incident name • Two word names • First
word is “actor” - to the extent we know • Second word is the incident • Initials should be unique
Create an “Incident Branch”
Add Incident Template
Our Templates
Our Templates
Git Add, Commit, & Push
Open a Pull Request
Open a Pull Request
“Run it down”
“Run it down” • Using the Pull Request workflow for
IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States
Finalize and Merge
it • We share GitHub security incidents with all Hubbers
• This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust
Quick Review 1. Create a branch 2. Add & fill
out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge
Wake Up, Go T o War