A maintainer-first approach to open source security (EN)

Our favourite platforms to write and share code, such as GitHub, GitLab, or Bitbucket, empower maintainers and contributors to efficiently collaborate on open source projects. However, these platforms don’t always feel adequate when dealing with security bugs. Correcting security flaws is a sensitive process. Creating a public issue or pull request about a vulnerability could expose users to attacks. Furthermore, funding, missing knowledge, and misaligned incentives are common challenges that hinder collaboration between open source maintainers and security researchers. This session will discuss the best tools and practices that can help bring two communities to communicate and collaborate better and maintain secure software.


  • Nancy Gariché
    Nancy Gariché
    GitHub Security Lab

    Nancy is a Senior Developer Advocate for the GitHub Security Lab, where she helps security researchers and developers collaborate and communicate better. In her spare time, Nancy co-leads the OWASP DevSlop Project and is a member of the AWS Community Builder group. Nancy was named one of the Top 20 Women Leaders in Cyber in Canada, 2021.


Nov 15 2022


10:30 - 11:00


Nov 15 - Elisabeth