The MariaDB Foundation and security - Finding and fixing vulnerabilities the open source way

Tuesday 5:25 PM - 5:50 PM

@ Wallstreet 3

MySQL/MariaDB

25 minutes conference

Beginner

Tracks:
Business Needs, Operations

The MariaDB Foundation has started a new effort to coordinate finding and fixing security vulnerabilities in the code base of MariaDB and MySQL.

This talk presents the current activities of the MariaDB Foundation's security efforts, including, for example, the recently devised Responsible Disclosure Policy and HackerOne bug bounty program, as well as future plans for continuous and automated security testing to be baked into our Continuous Integration and Testing pipelines.

As one of the world's most popular pieces of server software and a part of critical infrastructure hosting vast numbers of databases, it is crucially important that it stays safe and operates without security issues. History has shown us that we cannot trust any piece of software to be inherently secure. Any project must therefore have proper vulnerability disclosure and management procedures, be eager to collaborate with the security community and follow disclosure guidelines, and proactively look for security bugs in its own code base.


Speakers

Teodor Mircea Ionita (MariaDB Foundation)

Security engineer

Biography:

I'm a passionate Open Source advocate and developer, UNIX head and occasional sysadmin. I'm also deeply interested and involved in systems, network and information security as an independent researcher and aficionado.

I joined the MariaDB Foundation in early 2018 as a Software Developer. I am also eager to contribute to the security aspect of MariaDB (having crafted a Responsible Disclosure policy and published our HackerOne bug bounty program) and also took on the initiative of setting up a fresh and modern instance of Buildbot for our ever-growing needs for Testing and Continuous Integration on all supported platforms.

View my profile here:
https://mariadb.org/about/staff/teodor-mircea-ionita/


Percona Live Conferences

The Percona Live Open Source Database Conferences are the premier event for the diverse and active open source database community, as well as businesses that develop and use open source database software.
 
