From Freakout to Fix: Navigating a Security Disaster

Abstract:

Picture this: it’s late, you’re on your third coffee, and you realize your library has a serious security hole. Even worse—there’s already a public exploit. Thousands of projects are at risk, and it’s on you to fix it.

This talk walks through how to handle that situation without melting down. We’ll cover how to file a vulnerability report, notify your users, and regain control. You’ll learn about vulnerability scanners, Hex version retirement, and how a bit of prep can save you when things catch fire.

We’ll also look at how to prevent disasters in the first place—with security policies, emergency contacts, and a healthy dose of paranoia. And most importantly: disclosure isn’t shameful. Done right, it’s leadership.

Walk away knowing how to go from panic to patch—and maybe even feel good about it.

Key Takeaways:

  • How to respond when a public vulnerability is discovered in your code

  • An understanding of how the vulnerability disclosure process works (including CVEs and Hex-specific tools)

  • Concrete steps you can take today to prepare for a security incident

  • Why being transparent and proactive about security is a strength, not a shame

Target Audience:

  • Anyone maintaining code that others rely on—whether it’s an open source library or a production application. If you’ve ever thought “what if I ship a bug that breaks the world?”, this talk is for you.

Tags:
security, disaster, recovery