OSS Security the hard way accepted

Abstract

The software has become widely used in the world, and the software engineers and programmers need to be always concerned with security.

In a company that is profit organizations have a CSIRT(Computer Security Incident Response Team) and can hire the full-time developer for handling the incident. They have the playbook, solutions provided by the enterprise and the many of engineers. It seems to be nice for the software industry.on the other hand, I think that it is difficult to say "It's a nice!" for the software developed by non-profit organizations or individuals, especially OSS.

In this presentation, I will show the detail of incident responses of the programming languages ​​Ruby and RubyGems that I belong to as a member of the development team. This talk includes the initial response of the incident when the vulnerability is discovered in the OSS, triage, code, coordinate, release and announce.

It makes to lower the hurdles for individuals and teams developing OSS to respond to security incidents.

Video
Session Information
Confirmed confirmed
Starts On 8/31/19, 10:30 AM
Room Centennial Hall A
Session Duration 50 min session
Spoken Language Japanese
Interpretation Unavailable
Slide Language English