PyCon Israel 2023

🇮🇱 Fixing a CVE In the Open: redis-py, chatgpt, and open source bug hunting
07-04, 12:30–13:15 (Africa/Cairo), Hall 3 (2nd Floor)

In March, OpenAI discovered a vulnerability in redis-py, leading to potential data exposure. This is the inside story of the vulnerability: learn how it was solved, addressed, and fixed - in an open source community.


Ever experienced a bug in a Python library? What about a library that's downloaded nearly 30 million times a month? This talk focuses on a vulnerability - one that caused data leakage in some services.

Attend this talk to learn about the vulnerability that brought down the world's largest AI framework. Walk away with the tools to address these bugs in the future, learning how the library was debugged and how the fix was tested. This talk will cover the technical details behind how the fix was applied in the open, but also the process of working with security issues. Learn how to work with an open source community while addressing a critical bug and keeping your cool.

Every line of code written is open-source, and in the public record, today.


Session language – Hebrew

Target audience – Developers

Other (target audience) – Security Experts, Tester

Chayim is a veteran of the software industry with over twenty years of experience. He has helped release several operating systems, contributed to a variety of open-source projects, and built and maintained multiple datacenters, operations teams, and products. With experience contributing at SGI, Autodesk, Novell, SuSE, and others, Chayim has helped several organizations scale their codebase, development teams, and the organization itself - while increasing both the speed and quality of software releases.

Today, Chayim works for Redis as the Client and Ecosystem manager. He mentors new developers, and spends time slipping between languages, both spoken and code.

In the real world, Chayim plays a killer harmonica, hangs out with his wife and kids, and dreams about his roller-blades.