DEF CON 30 - Jonathan Leitschuh - Scaling the Security Researcher to Eliminate OSS Vulnerabilities

preview_player
Показать описание
Hundreds of thousands of human hours are invested every year in finding common security vulnerabilities with relatively simple fixes. These vulnerabilities aren’t sexy, cool, or new, we’ve known about them for years, but they’re everywhere!

The scale of GitHub & tools like CodeQL (GitHub's code query language) enable one to scan for vulnerabilities across hundreds of thousands of OSS projects, but the challenge is how to scale the triaging, reporting, and fixing. Simply automating the creation of thousands of bug reports by itself isn’t useful, & would be even more of a burden on volunteer maintainers of OSS projects. Ideally the maintainers would be provided with not only information about the vulnerability, but also a fix in the form of an easily actionable pull request.

When facing a problem of this scale, what is the most efficient way to leverage researcher knowledge to fix the most vulnerabilities across OSS? This talk will cover a highly scalable solution - automated bulk pull request generation. We’ll discuss the practical applications of this technique on real world OSS projects. We’ll also cover technologies like CodeQL & OpenRewrite (a style-preserving refactoring tool created at Netflix & now developed by Moderne). Let’s not just talk about vulnerabilities, let’s actually fix them at scale.
  1. DEFCONConference
  2. DEF
  3. CON
  4. DEFCON
  5. DEF CON
  6. hacker conference
Рекомендации по теме
DEF CON 30 0:44:21

DEF CON 30 - Jonathan Leitschuh - Scaling the Security Researcher to Eliminate OSS Vulnerabilities

DEF CON 30 0:45:45

DEF CON 30 - Bill Graydon - Defeating Moving Elements in High Security Keys

DEF CON 31 0:39:49

DEF CON 31 - Ringhopper - How We Almost Zero day’d the World - Benny Zeltser, Jonathan Lusky

Free phone got 0:50:03

Free phone got me critical vulns affecting millions Android, Jonathan Bar Or [ DEFCON 30 ][ DCG VR ]

Watch This Russian 0:02:56

Watch This Russian Hacker Break Into Our Computer In Minutes | CNBC

The badges @ 0:01:00

The badges @ #defcon this year SUCKED!

DEF CON 30 0:18:52

DEF CON 30 - Andrew Logan - Tracking Military Ghost Helicopters over Washington DC

DEF CON 31 0:45:05

DEF CON 31 - Infinite Money Glitch - Hacking Transit Cards - Bertocchi, Campbell, Gibson, Harris

Mr. Robot Sucks 0:00:55

Mr. Robot Sucks

DEF CON 31 0:35:05

DEF CON 31 - Second Breakfast Implicit & Mutation Based Serialization Vulns in NET - Jonathan B...

DEF CON30: That 0:02:30

DEF CON30: That One Badge that had everyone hooked into it real bad :)

DEF CON 24 0:43:37

DEF CON 24 Conference - Jonathan Mayer, Panel - Meet the Feds

DEF CON 30 0:39:55

DEF CON 30 - Dongsung Kim - CSRF Resurrections Starring the Unholy Trinity

Jonathan Roumie’s Book 0:00:57

Jonathan Roumie’s Book Recommendation

What now? | 0:36:04

What now? | Jonathan Conricus

Jonathan Cahn’s Prophetic 0:03:28

Jonathan Cahn’s Prophetic Word to Donald Trump!

DEF CON Safe 1:00:45

DEF CON Safe Mode Red Team Village - Jonathan Helmus - Student Roadmap to Becoming a Pentester

DEF CON 25 0:31:27

DEF CON 25 Recon Village Jonathan Cran Attack Surface Discovery With Intrigue

DEF CON 31 0:45:25

DEF CON 31 - Defending KA-SAT - Mark Colaluca and Nick Saunders

Sign Of The 0:29:48

Sign Of The Antichrist – Kamala Harris, Donald Trump, & America's Future | Jonathan Cahn P...

DEF CON 30 0:31:50

DEF CON 30 - Thomas Roth , Solana - JIT - Lessons from fuzzing a smart contract compiler

Jonathan 'Sugarfoot' Moffett 0:10:06

Jonathan 'Sugarfoot' Moffett Hears Linkin Park For The First Time

Israel is God’s 0:00:59

Israel is God’s Prophetic Timepiece | Jonathan Cahn and Rabbi Jason Sobel Discuss

How Protestant Converts 0:06:51

How Protestant Converts Will Change Orthodoxy in America (Jonathan Pageau)

Комментарии
Автор

Awesome talk, loved it!
I never knew about OpenRewrite before this talk. It's good to see such automation based initiatives in OSS to fix vulnerable code at such a large scale.

RohanKumar-wfsc