Talk in English - US at Dutch PHP Conference 2017
Short URL: https://joind.in/talk/add34
I'm the maintainer of a very popular open-source PHP package - PHPMailer. In December 2016, two critical remote code execution vulnerabilities were found in PHPMailer, affecting potentially tens of millions of sites. There's a lot that goes on behind a CVE number - I'd been involved in reporting some minor security issues in the past, but nothing of this magnitude, and never at the receiving end, so I found myself at the start of a steep learning curve and an emotional roller-coaster. This is the story.
Comments
Nice story about a bug and the implications
Very well presented talk about the various things you may have to deal with with a vuln like this. And a few nice useful pointers too.
Take my internet points for a job well done :)
I was hoping for an edutaining story and you delivered.
Well prepared, well presented talk.
One of the best talks at DPC17.
Good build-up of the story and excellent explaining what has happened.
This was the second talk I attended from Marcus, and it did not disappoint.
The story itself was entertaining, the speaker gave a personal insight how the discovery of a security issue itself triggered a whole lot of work and investigation how to solve it.
Hopefully I won't encounter myself in a similar situation :)
A very "honest" talk with some interesting points. I liked how you made the talk personal.