Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

Ded29c7918dce50c65131df03c769004?s=47 Scott J. Roberts
February 24, 2014
Technology
3
210

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Ded29c7918dce50c65131df03c769004?s=128

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Ded29c7918dce50c65131df03c769004?s=48 sroberts
2
220
Ded29c7918dce50c65131df03c769004?s=48 sroberts
3
4.1k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
68
Ded29c7918dce50c65131df03c769004?s=48 sroberts
0
57
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
190
Ded29c7918dce50c65131df03c769004?s=48 sroberts
3
2.7k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
5
860
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
11k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
2
770

Other Decks in Technology

See All in Technology
A500dfe11c36aa2912eaf33176fe129f?s=48 oyakata2438
0
340
A97eee01397705443a72a48ce29d3e19?s=48 cybozuinsideout
0
4.2k
Ede1bb0ec880bd573d52f8f351ff827a?s=48 yoshiya
0
260
20dd6ed6aa3cf68c2eabe56360512808?s=48 halsk
1
7.3k
5c4f5cafb8aa4f6258e5112412b3ab15?s=48 chisaki0120
0
110
842515eaf8fbb2dfcc75197e7797dc15?s=48 sat
12
9.2k
Ea29e2b19d11b48f867ae71d6a6de5df?s=48 opelab
3
460
1ff811939fd0923df8321ec6d8bf9d4b?s=48 jxck
1
650
Fff70c641a9988db06414c9beb29029f?s=48 acogoluegnes
0
7.7k
3f848c0c0b9a6603894e157da93e4655?s=48 sadayoshitada0919
0
1.2k
A07bf430b58349d4c0c88dabcd4c21f3?s=48 iam326
0
220
7e20183342a040a32924a41343603286?s=48 konabuta
1
370

Featured

See All Featured
48c098b6579220a67a6ba949be6e4b5a?s=48 revolveconf
203
9.9k
A0517b08532aec8ab2aae3f65d40ad86?s=48 hannesfritz
32
1.1k
11c84dff30266b907714802088852677?s=48 jasonvnalue
87
8.3k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
69
3.1k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
48
2.8k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
653
120k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
207
20k
Ae14cc4491ac334f9cd23f9f93b4305e?s=48 orderedlist
PRO
331
36k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
66
4.1k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
54k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
194
8.8k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
314
18k

Transcript

  1. ! To Defend Scott J Roberts Bad Guy Catcher Uses

    How

  2. this isn’t a sales pitch… but it is about using

    GitHub the product

  3. Our Goals • Use current tools & paradigms • Fast

    • Secure • Transparent to coworkers

  4. We live on GitHub (shocking!) • Writing code • Writing

    documentation • Having long running collaborative discussions • So why not incident response?

  5. Our Incident Process • Create an incident name • Create

    an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it

  6. Create an incident name • Two word names • First

    word is “actor” - to the extent we know • Second word is the incident • Initials should be unique

  7. Create an “Incident Branch”

  8. Add Incident Template

  9. Our Templates

  10. Our Templates

  11. Git Add, Commit, & Push

  12. Open a Pull Request

  13. Open a Pull Request

  14. “Run it down”

  15. “Run it down” • Using the Pull Request workflow for

    IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States

  16. Finalize and Merge

  17. it • We share GitHub security incidents with all Hubbers

    • This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust

  18. Quick Review 1. Create a branch 2. Add & fill

    out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge

  19. Wake Up,
 Go T o War