Session
From Freakout to Fix: Navigating a Security Disaster
Picture this: you’re chugging coffee late at night when you realize your beloved library has a massive security hole. Worse yet, someone’s already posted a proof-of-concept exploit for the world to see. Suddenly, thousands of projects are at risk, and you’re the one holding the bag. That’s exactly the scenario this talk tackles: the rush of panic, the scramble to inform everyone, and ultimately the hero’s journey to patch things up.
We’ll step through how to file vulnerabilities through official channels (like the CVE system) and bring clarity to the confusion of those first chaotic hours. You’ll see how simple tools, vulnerability scanners, and a clear emergency plan can make the difference between an all-nighter of sweaty debugging and a smoother return to stability. Along the way, we’ll talk best practices for preventing these disasters in the first place—from well-defined security policies to having the right people on speed dial.
And here’s the kicker: vulnerability disclosure isn’t something to hide under the rug. Handled well, it’s proof that you take security seriously, and that alone can earn respect. By the end of this session, you’ll have the knowledge (and the confidence) to handle your very own “Oh no!” moment with a lot less panic and a lot more rock ‘n’ roll.
Target Audience
* Maintainers of libraries and anyone running a production project.
* People curious about the basics of handling real-world security incidents.
Base Level of Knowledge
* No deep security expertise required; this talk will serve as an introductory crash course on vulnerability disclosure processes, common tooling, and best practices to keep your code (and your sanity) intact.

Jonatan Männchen
CISO @ Erlang Ecosystem Foundation
Winterthur, Switzerland