Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up
for free
How GitHub Uses GitHub to Defend GitHub
Scott J. Roberts
February 24, 2014
Technology
3
200
How GitHub Uses GitHub to Defend GitHub
A talk I gave for a closed conference right around RSA 2014.
Scott J. Roberts
February 24, 2014
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
sroberts
2
190
sroberts
2
4k
sroberts
1
66
sroberts
0
56
sroberts
1
180
sroberts
3
2.6k
sroberts
5
830
sroberts
1
11k
sroberts
2
750
Other Decks in Technology
See All in Technology
clustervr
0
210
adhorn
0
340
pohjus
1
740
eayedi
1
120
fufuhu
3
130
iwashi86
53
23k
yamamuteki
2
500
mito201
1
1.1k
imdigitallab
0
110
willnet
12
4k
taxin
0
140
grapecity_dev
0
170
Featured
See All Featured
malarkey
119
16k
michaelherold
224
8.5k
wjessup
339
16k
bryan
100
11k
denniskardys
220
120k
lara
15
2.7k
edds
56
9.4k
holman
288
130k
cassininazir
347
20k
hannesfritz
28
950
tammielis
237
23k
akmur
252
19k
Transcript
! To Defend Scott J Roberts Bad Guy Catcher Uses
How
this isn’t a sales pitch… but it is about using
GitHub the product
Our Goals • Use current tools & paradigms • Fast
• Secure • Transparent to coworkers
We live on GitHub (shocking!) • Writing code • Writing
documentation • Having long running collaborative discussions • So why not incident response?
Our Incident Process • Create an incident name • Create
an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it
Create an incident name • Two word names • First
word is “actor” - to the extent we know • Second word is the incident • Initials should be unique
Create an “Incident Branch”
Add Incident Template
Our Templates
Our Templates
Git Add, Commit, & Push
Open a Pull Request
Open a Pull Request
“Run it down”
“Run it down” • Using the Pull Request workflow for
IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States
Finalize and Merge
it • We share GitHub security incidents with all Hubbers
• This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust
Quick Review 1. Create a branch 2. Add & fill
out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge
Wake Up, Go T o War