International PHP Conference |
May 25 – 29, 2020 in Berlin

Tales from the wrong end – a maintainer’s story of open source & CVEs

This talk originates from the archive. To the CURRENT program
Until February 6: ✓ Workshop Day for free ✓ Group discount ✓ Save up to € 700 Register now
Thursday, October 18 2018
13:45 - 14:30

I’m the maintainer of a *very* popular open-source PHP package – [PHPMailer]( In December 2016, two critical remote code execution vulnerabilities were found in PHPMailer, affecting potentially tens of millions of sites. There’s a lot that goes on behind a CVE number – I’d been involved in reporting some minor security issues in the past, but nothing of this magnitude, and never at the receiving end, so I found myself at the start of a steep learning curve and an emotional roller-coaster. This is the story of how I ended up as the maintainer of a major open-source project, dealing with the project, handling vulnerabilities, contributions, donations and more.

Stay tuned!

Behind the Tracks of IPC

PHP Development
Best Practices & Application

Web Development
Web Development & more

JavaScript Development
All about JavaScript

Agile & Culture
Agility has become mainstream

Concepts & Environments

Web Security
All about Web Security

Testing & Quality
An overview of the most important topics

DevOps is a philosophy