Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

Scott J. Roberts
February 24, 2014
Technology
3
280

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
390
Introduction to Open Source Security Tools
sroberts
3
4.6k
Building Effective Threat Intelligence Sharing
sroberts
1
88
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
73
Crisis Communication for Incident Response
sroberts
1
250
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3k
Community Intelligence & Open Source Tools
sroberts
5
1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
900

Other Decks in Technology

See All in Technology
LLMの普及による機械学習の民主化とMLPdMの重要性 / democratization-of-ml-and-importance-of-mlpdm-by-llm
yuya4
2
2.8k
dx_osarai_about_connection
hatahata021
0
320
Exadata Database Cloud (Exadata Cloud Service) サービス技術詳細
oracle4engineer
PRO
0
29k
AWS Direct Connectと愉快なGWたちのおさらい
minorun365
5
870
Virtual Threads - 導入の背景と、効果的な使い方 -
skrb
2
310
DMMオンラインサロン エンジニア採用資料/ for-software-engineers
onlinesalon
0
2.3k
よくわかるフォルシアのエンジニア 旅行プラットフォーム部編
forcia_dev_pr
0
200
機械学習モデル性能向上への学習データからのアプローチ
okada_fuutass
0
140
Web API development in Visual Studio 2022
tsubakimoto_s
0
140
「Go Style Guide」から学んだ可読性の高いコードの書き方
andpad
5
2.8k
IaCのCI/CDを考えよう / JAWS-UG_Okayama_IaC_CICD
taishin
1
180
どうしてもcgoから逃げられなくなったあなたに知ってほしいcgoの使い方入門
sakiengineer
1
1.1k

Featured

See All Featured
Building Your Own Lightsaber
phodgson
96
5k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.1k
The Power of CSS Pseudo Elements
geoffreycrofte
54
4.5k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
Raft: Consensus for Rubyists
vanstee
130
5.8k
5 minutes of I Can Smell Your CMS
philhawksworth
198
18k
Teambox: Starting and Learning
jrom
124
8k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
658
120k
How GitHub (no longer) Works
holman
299
140k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
29k

Transcript

  1. !
    To Defend
    Scott J Roberts
    Bad Guy Catcher
    Uses
    How

    View Slide

  2. this isn’t a sales pitch…
    but it is about using GitHub the product

    View Slide

  3. Our Goals
    • Use current tools & paradigms
    • Fast
    • Secure
    • Transparent to coworkers

    View Slide

  4. We live on GitHub (shocking!)
    • Writing code
    • Writing documentation
    • Having long running
    collaborative discussions
    • So why not incident
    response?

    View Slide

  5. Our Incident Process
    • Create an incident name
    • Create an incident branch
    • Apply the Incident Template
    • Open a Pull Request
    • “Run it down”
    • Finalize & Merge
    • it

    View Slide

  6. Create an incident name
    • Two word names
    • First word is “actor” - to
    the extent we know
    • Second word is the
    incident
    • Initials should be unique

    View Slide

  7. Create an “Incident Branch”

    View Slide

  8. Add Incident Template

    View Slide

  9. Our Templates

    View Slide

  10. Our Templates

    View Slide

  11. Git Add, Commit, & Push

    View Slide

  12. Open a Pull Request

    View Slide

  13. Open a Pull Request

    View Slide

  14. “Run it down”

    View Slide

  15. “Run it down”
    • Using the Pull Request workflow for IR:
    • Ties response directly to the code, such as fixes
    • Allows us to pull in relevant users & teams as
    necessary
    • Lets us categorize, organize, & track using
    Milestones, Labels, & States

    View Slide

  16. Finalize and Merge

    View Slide

  17. it
    • We share GitHub security incidents with all Hubbers
    • This helps us with a few things:
    • Raising OpSec awareness
    • Identifying & developing new features
    • Building user trust

    View Slide

  18. Quick Review
    1. Create a branch
    2. Add & fill out template
    3. Add, commit, & push
    4. Open a Pull Request
    5. “Run it down”
    6. Finalize & Merge

    View Slide

  19. Wake Up,

    Go T
    o War

    View Slide