Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How GitHub Uses GitHub to Defend GitHub

Ded29c7918dce50c65131df03c769004?s=47 Scott J. Roberts
February 24, 2014
Technology
3
200

How GitHub Uses GitHub to Defend GitHub

A talk I gave for a closed conference right around RSA 2014.

Ded29c7918dce50c65131df03c769004?s=128

Scott J. Roberts

February 24, 2014
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Ded29c7918dce50c65131df03c769004?s=48 sroberts
2
200
Ded29c7918dce50c65131df03c769004?s=48 sroberts
3
4.1k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
67
Ded29c7918dce50c65131df03c769004?s=48 sroberts
0
57
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
190
Ded29c7918dce50c65131df03c769004?s=48 sroberts
3
2.6k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
5
850
Ded29c7918dce50c65131df03c769004?s=48 sroberts
1
11k
Ded29c7918dce50c65131df03c769004?s=48 sroberts
2
760

Other Decks in Technology

See All in Technology
53850955f15249a1a9dc49df6113e400?s=48 line_developers
PRO
1
540
88dae28e3d082236f37db2f5c2db339d?s=48 keropiyo
0
260
Ad22fcf5773b906c08330f4d57242212?s=48 inductor
0
440
Aa2271fde3c839f2ab82d1d27dbbc650?s=48 takayukihayashi
1
280
396bc484aa53948c58c8fa847ad91372?s=48 riki_hiraoka
0
230
71c9ebde850996d2533c5df4df2c93c6?s=48 opdavies
0
2.5k
3115a782126be714b5f94d24073c957d?s=48 oracle4engineer
0
120
9ea422a61c1a69c888786830eee3dbe6?s=48 osonoi
0
150
E598c2f9a8e5c94eea0e6505b4233d81?s=48 tomohide_tanaka
1
630
Ac5b39a4b12e8ca2d6e25b9e7cc142ae?s=48 djain2405
1
120
F89f6a80305746253d4bedb128b2f445?s=48 mats16
0
370
B16717ef4b7aab0b253d933c3934f280?s=48 mixi_engineers
0
340

Featured

See All Featured
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
192
17k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
20
800
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
66
3.1k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
3
590
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
56
5.5k
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
25
1.4k
282d599b414022eba5096510f675b6e2?s=48 chrislema
173
14k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
178
14k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
23
1.3k
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
93
3.1k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
653
110k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
195
15k

Transcript

  1. ! To Defend Scott J Roberts Bad Guy Catcher Uses

    How

  2. this isn’t a sales pitch… but it is about using

    GitHub the product

  3. Our Goals • Use current tools & paradigms • Fast

    • Secure • Transparent to coworkers

  4. We live on GitHub (shocking!) • Writing code • Writing

    documentation • Having long running collaborative discussions • So why not incident response?

  5. Our Incident Process • Create an incident name • Create

    an incident branch • Apply the Incident Template • Open a Pull Request • “Run it down” • Finalize & Merge • it

  6. Create an incident name • Two word names • First

    word is “actor” - to the extent we know • Second word is the incident • Initials should be unique

  7. Create an “Incident Branch”

  8. Add Incident Template

  9. Our Templates

  10. Our Templates

  11. Git Add, Commit, & Push

  12. Open a Pull Request

  13. Open a Pull Request

  14. “Run it down”

  15. “Run it down” • Using the Pull Request workflow for

    IR: • Ties response directly to the code, such as fixes • Allows us to pull in relevant users & teams as necessary • Lets us categorize, organize, & track using Milestones, Labels, & States

  16. Finalize and Merge

  17. it • We share GitHub security incidents with all Hubbers

    • This helps us with a few things: • Raising OpSec awareness • Identifying & developing new features • Building user trust

  18. Quick Review 1. Create a branch 2. Add & fill

    out template 3. Add, commit, & push 4. Open a Pull Request 5. “Run it down” 6. Finalize & Merge

  19. Wake Up,
 Go T o War