As the Chief Information Security Officer at the Erlang Ecosystem Foundation (EEF), Jonatan drives security initiatives across Erlang, Elixir, Gleam, and the broader community. His role involves analyzing and implementing data protection, compliance, and secure development practices - particularly focusing on requirements like the EU CRA/CISA and supply chain integrity. Jonatan maintains the EEF’s CNA (CVE Numbering Authority), ensuring vulnerability disclosures are managed effectively. He also collaborates closely with volunteer working groups, designs software solutions for security challenges, and actively engages in fundraising activities.
Picture this: it’s late, you’re on your third coffee, and you realize your library has a serious security hole. Even worse—there’s already a public exploit. Thousands of projects are at risk, and it’s on you to fix it.
This talk walks through how to handle that situation without melting down. We’ll cover how to file vulnerabilities, notify users, and regain control. You’ll learn about vulnerability scanners, Hex version retirement, and how a bit of prep can save you when things catch fire.
We’ll also look at how to prevent disasters in the first place—with security policies, emergency contacts, and a healthy dose of paranoia. And most importantly: disclosure isn’t shameful. Done right, it’s leadership.
Walk away knowing how to go from panic to patch—and maybe even feel good about it.
Key Takeaways:
How to respond when a public vulnerability is discovered in your code
An understanding of how the vulnerability disclosure process works (including CVEs and Hex-specific tools)
Concrete steps you can take today to prepare for a security incident
Why being transparent and proactive about security is a strength, not a shame
Target Audience: