PyCon Israel 2023

🇮🇱 Fixing a CVE In the Open: redis-py, chatgpt, and open source bug hunting
2023-07-04, 11:30–12:15, Hall 3 (2nd Floor)

In March, OpenAI discovered a vulnerability in redis-py, leading to potential data exposure. This is the inside story of the vulnerability: learn how it was solved, addressed, and fixed - in an open source community.


Ever experienced a bug in a Python library? What about a library that's downloaded nearly 30 million times a month? This talk focuses on a vulnerability - one that caused data leakage in some services.

Attend this talk to learn about the vulnerability that brought down the world's largest AI framework. Walk away with the tools to address these bugs in the future, learning how the library was debugged and how the fix was tested. This talk will cover the technical details of how the fix was applied in the open, as well as the process of working with security issues. Learn how to work with an open source community while addressing a critical bug and keeping your cool.

Every line of code written is open-source, and in the public record, today.


Session language – Hebrew
Target audience – Developers
Other (target audience) – Security Experts, Tester