As the Chief Information Security Officer at the Erlang Ecosystem Foundation (EEF), Jonatan drives security initiatives across Erlang, Elixir, Gleam, and the broader community. His role involves analyzing and implementing data protection, compliance, and secure development practices - particularly focusing on requirements like EU CRA/CISA and supply chain integrity. Jonatan maintains the EEF’s CNA (CVE Numbering Authority), ensuring vulnerability disclosures are managed effectively. He also collaborates closely with volunteer working groups, designs software solutions for security challenges, and actively engages in fundraising activities.
AI-based security research has thrown the open-source community into turmoil and created a flood of vulnerability reports that maintainers struggle to manage. But what can the open-source community do to better protect and prepare itself against the threat of models like Mythos that find exploits faster than maintainers can fix them? Jonatan Männchen, the CISO of the Erlang Ecosystem Foundation (EEF), and Peter Ullrich, the appointed AI Security Engineer of the EEF, share their experiences of finding, reporting, and fixing close to a hundred severe vulnerabilities in the Top 1000 most downloaded Hex packages. They will show how open-source communities can adapt to this new reality, turn better vulnerability detection into a strength, and build processes that make security work more scalable for everyone.
Target Audience: