I’m the maintainer of a very popular open-source PHP package – PHPMailer. In December 2016, two critical vulnerabilities were found in PHPMailer, affecting potentially millions of sites. I’d been involved in reporting minor security issues in the past, but nothing of this magnitude, and never on the receiving end. I found myself at the start of a steep learning curve and an emotional roller-coaster; a story of open source, CVEs, and people.

Comments

Rated 4

Jurgen Rutten at 18:44 on 26 Jan 2018

Nice personal story, expected more open-source tales

Very interesting!

Rated 4

Michiel Kodde at 10:02 on 27 Jan 2018

Also liked the personal aspect of this presentation.

Nice to hear a personal story about the impact of vulnerabilities on the life of an open source maintainer.

Nice personal story you need to hear once.

Well presented and interesting story, and I liked the first-person perspective during the talk. Only complaint I have is that it felt a bit disconnected between the security breach topic and then the reflections on maintaining an OSS project. But both parts were really interesting.

Interesting story and well given

Interesting talk.

Rated 4

Jelle Smeets at 20:59 on 27 Jan 2018

Very interesting talk from the perspective of open-source maintainers and what happens if a security vulnerability is found.

Rated 4

Guy Steels at 12:09 on 28 Jan 2018

Great talk. Nice to hear a story/an experience right down from the trenches.

Rated 5

Leon Boot at 11:52 on 29 Jan 2018

When this vulnerability appeared on our radar, it was all hands on deck for us. It was very interesting to hear about the whole process from your point of view. Thanks for sharing your story!

Interesting talk

Rated 4

Anonymous at 09:15 on 30 Jan 2018

Good talk, interesting to see how this was from your perspective.

An interesting story about the risks and rewards of maintaining open source software.