13:45 - 14:30
I’m the maintainer of a *very* popular open-source PHP package – [PHPMailer](https://github.com/PHPMailer/PHPMailer). In December 2016, two critical remote code execution vulnerabilities were found in PHPMailer, affecting potentially tens of millions of sites. There’s a lot that goes on behind a CVE number – I’d been involved in reporting some minor security issues in the past, but nothing of this magnitude, and never at the receiving end, so I found myself at the start of a steep learning curve and an emotional roller-coaster. This is the story of how I ended up as the maintainer of a major open-source project, dealing with the project, handling vulnerabilities, contributions, donations and more.