Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

Scott J. Roberts
February 24, 2014
Technology
3
320

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
94
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
67
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
31
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
23
Homemade Ramen & Threat Intelligence
sroberts
2
490
Introduction to Open Source Security Tools
sroberts
3
4.8k
Building Effective Threat Intelligence Sharing
sroberts
1
110
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
110
Crisis Communication for Incident Response
sroberts
1
320

Other Decks in Technology

See All in Technology
強いチームと開発生産性
onk
PRO
33
11k
AIチャットボット開発への生成AI活用
ryomrt
0
170
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110
EventHub Startup CTO of the year 2024 ピッチ資料
eventhub
0
110
SSMRunbook作成の勘所_20241120
koichiotomo
1
110
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.6k
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
270
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
470

Featured

See All Featured
Ruby is Unlike a Banana
tanoku
97
11k
Building an army of robots
kneath
302
43k
Code Review Best Practice
trishagee
64
17k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Facilitating Awesome Meetings
lara
50
6.1k
Making Projects Easy
brettharned
115
5.9k
Building Your Own Lightsaber
phodgson
103
6.1k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
The Invisible Side of Design
smashingmag
298
50k
Gamification - CAS2011
davidbonilla
80
5k

Transcript

  1. ! To Defend Scott J Roberts Bad Guy Catcher Uses

    How

  2. this isn’t a sales pitch… but it is about using

    GitHub the product

  3. Our Goals • Use current tools & paradigms • Fast

    • Secure • Transparent to coworkers

  4. We live on GitHub (shocking!) • Writing code • Writing

    documentation • Having long running collaborative discussions • So why not incident response?

  5. Our Incident Process • Create an incident name • Create

    an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it

  6. Create an incident name • Two word names • First

    word is “actor” - to the extent we know • Second word is the incident • Initials should be unique

  7. Create an “Incident Branch”

  8. Add Incident Template

  9. Our Templates

  10. Our Templates

  11. Git Add, Commit, & Push

  12. Open a Pull Request

  13. Open a Pull Request

  14. “Run it down”

  15. “Run it down” • Using the Pull Request workflow for

    IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States

  16. Finalize and Merge

  17. it • We share GitHub security incidents with all Hubbers

    • This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust

  18. Quick Review 1. Create a branch 2. Add & fill

    out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge

  19. Wake Up,
 Go T o War