Speaker Details

Wadeck Follonier


Wadeck Follonier is a Security Software Engineer at CloudBees and an active member of the Jenkins Security Team. He finished his Master's degree in Computer Science with a specialization in Internet Computing at EPFL in 2011. Prior to joining CloudBees, he started his career in various positions such as Software Engineer, Project Manager, and even Application Manager. He has always sought solutions that also take maintenance into account. In his current role, he has the pleasure of working with lots of different applications through all the Jenkins plugins. Outside of security, he's interested in genetic algorithms and video game development.

One does not simply fix a vulnerability as a bug


One may think that handling a security vulnerability is just about the fix, but do not be fooled. The journey stretches from explaining how to properly submit findings, through the entire correction process, down to providing a security release or patch, and on to post-release follow-up.

Scenario: You receive what looks like a serious vulnerability report. That vulnerability reveals that your whole application has an architectural flaw. Moreover, it comes with a 30-day disclosure deadline. Welcome to reality. Adding a touch of fatalism, you think you may be just one step away from having a 0-day on Twitter.

Building on our experience managing the security of a popular open source project (Jenkins), as well as the internal security processes of our entire commercial portfolio, we will present the challenges we encountered and the solutions that let us sleep at night.

Scheduled on Tuesday from 15:10 to 15:55 in Room 8

Security Best Practices