Hi all,
I recently sat down with @dali32 from the SAFE team at Erlang Solutions for two new security-focused webinars. If BEAM security is on your radar, give these a look before they disappear into the noise of your watch-later list.
Part 1 – SAFE & OIDCC
- Building a full-fat OpenID Connect client for the BEAM
- What an external SAFE audit actually looks like
- The single `String.to_atom` pitfall we found and fixed
- Using GitHub private advisories for responsible disclosure
- Why third-party reviews are worth the hassle
Part 2 – Security & the BEAM Ecosystem
- Why the Erlang Ecosystem Foundation became a CVE Numbering Authority
- Grabbing and acting on fresh BEAM CVE data
- Retiring vulnerable package versions on Hex
- Supply-chain hardening via the Ægis initiative
- Ways to get involved through the Security Working Group
Enjoy the videos, and let me know what you think!