Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

Other Decks in Technology

Transcript

  1. !
    To Defend
    Scott J Roberts
    Bad Guy Catcher
    Uses
    How

    View full-size slide

  2. this isn’t a sales pitch…
    but it is about using GitHub the product

    View full-size slide

  3. Our Goals
    • Use current tools & paradigms
    • Fast
    • Secure
    • Transparent to coworkers

    View full-size slide

  4. We live on GitHub (shocking!)
    • Writing code
    • Writing documentation
    • Having long running
    collaborative discussions
    • So why not incident
    response?

    View full-size slide

  5. Our Incident Process
    • Create an incident name
    • Create an incident branch
    • Apply the Incident Template
    • Open a Pull Request
    • “Run it down”
    • Finalize & Merge
    • it

    View full-size slide

  6. Create an incident name
    • Two word names
    • First word is “actor” - to
    the extent we know
    • Second word is the
    incident
    • Initials should be unique

    View full-size slide

  7. Create an “Incident Branch”

    View full-size slide

  8. Add Incident Template

    View full-size slide

  9. Our Templates

    View full-size slide

  10. Our Templates

    View full-size slide

  11. Git Add, Commit, & Push

    View full-size slide

  12. Open a Pull Request

    View full-size slide

  13. Open a Pull Request

    View full-size slide

  14. “Run it down”

    View full-size slide

  15. “Run it down”
    • Using the Pull Request workflow for IR:
    • Ties response directly to the code, such as fixes
    • Allows us to pull in relevant users & teams as
    necessary
    • Lets us categorize, organize, & track using
    Milestones, Labels, & States

    View full-size slide

  16. Finalize and Merge

    View full-size slide

  17. it
    • We share GitHub security incidents with all Hubbers
    • This helps us with a few things:
    • Raising OpSec awareness
    • Identifying & developing new features
    • Building user trust

    View full-size slide

  18. Quick Review
    1. Create a branch
    2. Add & fill out template
    3. Add, commit, & push
    4. Open a Pull Request
    5. “Run it down”
    6. Finalize & Merge

    View full-size slide

  19. Wake Up,

    Go T
    o War

    View full-size slide