The Road to Mordor: Information Security Issues and Your Open Source Project

From time to time, communities will run across information security incidents. In the course of project expansion, it always seems like a good idea to wake up a new instance of Something_With_A_Database and not write down the credentials or think very clearly about what the permissions are on that new instance. If you're involved in open source for any length of time, you're going to discover a hack at some point in time. However, the Lord of the Rings is a great model for being able to deal with your information security issues.

I'll cover:

• The forging of the ring: or how this stuff happens in the first place
• How Gollum became corrupted: what happens when you don't work in a timely manner to resolve these things
• The cast of characters: someone on your team is going to be Gandalf. You might not always have a ranger who comes out of the shadows and saves you
• The journey to Rivendell: what effective discovery on an information security looks like
• The council of Elrond: what to do after you've gone through discovery and now you need input
• The mines of Moria: what happens when you don't do a thorough discovery, and/or information comes to light that should not have been forgotten
• Getting waylaid on the road: challenges within the team and balancing out different needs around disclosure and resolution
• Good grief, Boromir: Someone who has different ideas even after the Council of Elrond
• Actually getting the ring to Mordor: Resolution/launch, disclosure
• Going back and cleaning up the shire: Making sure you're in a better place at the end