International PHP Conference |
June 3 - 7, 2019 in Berlin

Tales from the wrong end – a maintainer’s story of open source & CVEs

Keynote
This talk originates from the archive. To the CURRENT program
Till February 14th ✓ Workshop Day for free ✓ Group discount ✓ Save up to € 700 Register now
Infos
Thursday, October 18 2018
13:45 - 14:30
Room:
Forum 1+2+3

I’m the maintainer of a *very* popular open-source PHP package – [PHPMailer](https://github.com/PHPMailer/PHPMailer). In December 2016, two critical remote code execution vulnerabilities were found in PHPMailer, affecting potentially tens of millions of sites. There’s a lot that goes on behind a CVE number – I’d been involved in reporting some minor security issues in the past, but nothing of this magnitude, and never at the receiving end, so I found myself at the start of a steep learning curve and an emotional roller-coaster. This is the story of how I ended up as the maintainer of a major open-source project, dealing with the project, handling vulnerabilities, contributions, donations and more.

Stay tuned!

Behind the Tracks of IPC

PHP Development
Best Practices & Application

Web Development
Web Development & more

JavaScript Development
All about JavaScript

Web Architecture
Concepts & Environments

Performance & Security
All about Performance & Security