OPEN SOURCE SECURITY: A maintainer-first approach to vulnerability disclosure

Our favorite platforms to write and share code, such as GitHub, Gitlab, or Bitbucket, empower maintainers and contributors to collaborate efficiently on open source projects. However, these platforms don’t always feel adequate when dealing with security bugs. Correcting security flaws is a sensitive process. Creating a public issue or pull request about a vulnerability could expose users to attacks. Furthermore, funding, missing knowledge, and misaligned incentives are common challenges that hinder collaboration between open source maintainers and security researchers. This session will discuss the best features and practices to bring two communities to communicate and collaborate better while empowering developers to write secure code.