Jonatan Männchen

Every Elixir developer uses the Hex package manager to ship their project. Businesses, universities, and even governments all rely on this critical infrastructure to adopt Elixir and deliver high quality software that drives billions of dollars in economic activity and growth. Given Hex is a load bearing pillar of Elixir, have you ever asked yourself: Is it secure?

Thanks to the Ægis Initiative, two real world penetration tests of Hex were funded, successfully completed, and directly resulted in serious security vulnerabilities being blocked from release. This work confirmed the design decisions made by the Hex core team laid an incredibly secure foundation, and led to improvements that have made Hex more secure than ever before. This presentation will cover the results of both tests (which are public for full transparency), and the remediation efforts that prove the core infrastructure of Elixir is safe in the hands of a world class team.

Key takeaways:

• Thanks to The Ægis Initiative, money is being raised and deployed for Elixir supply chain security
• The penetration test milestone was a huge success
• More work is in the pipeline, and we need the help of the community
• Ask your employer to fund Ægis, they are in good company - security.erlef.org/aegis

Target audience:

• Anyone using Elixir: businesses, developers, governments, universities, non-profits, hospitals, startups, students, and entrepreneurs.