International PHP Conference |
October 21 - 25, 2019 in Munich

Tales from the wrong end – a maintainer’s story of open source & CVEs

This talk originates from the archive. To the CURRENT program
Till July 11th: ✓ Fullstack Day for free ✓ Group discount ✓ Save up to 720 € Register now
Thursday, October 18 2018
13:45 - 14:30

I’m the maintainer of a *very* popular open-source PHP package – [PHPMailer]( In December 2016, two critical remote code execution vulnerabilities were found in PHPMailer, affecting potentially tens of millions of sites. There’s a lot that goes on behind a CVE number – I’d been involved in reporting some minor security issues in the past, but nothing of this magnitude, and never at the receiving end, so I found myself at the start of a steep learning curve and an emotional roller-coaster. This is the story of how I ended up as the maintainer of a major open-source project, dealing with the project, handling vulnerabilities, contributions, donations and more.

Stay tuned!

Behind the Tracks of IPC

PHP Development
Best Practices & Application

Web Development
Web Development & more

JavaScript Development
All about JavaScript

Web Architecture
Concepts & Environments

Performance & Security
All about Performance & Security

Agile & Culture
Agility has become mainstream