Maciej Mensfeld

@maciejmensfeld

I'm a Software Architect at Mend and a member of the RubyGems security team. In RubyGems, I'm responsible for the detection of malicious packages as well as post-incident impact analysis of critical vulnerabilities posing threats to the Ruby gems users. I've detected and reported over 20 000 malicious packages in various ecosystems and on GitHub. I'm also an active OSS contributor to various Ruby projects.

RubyGems on the watch

Did you know that in 2022, over 400 malicious packages were released to RubyGems? That's more than one per day! Our packages ecosystem may not be the biggest, but sure it is being actively exploited!

Are you worried? Don't be! You are not alone! RubyGems has a security team actively monitoring and mitigating various threats to ensure that the gems ecosystem is safe and sound. The previous year was when the RubyGems security team would have to issue critical CVEs related to RubyGems security. Still, at the same time, we spent days and nights making sure that the discovered vulnerabilities were not actively exploited.

Join me on an adventure from one critical vulnerability to another. Let's explore the world of malicious packages together and learn how you can ensure your safety in this world full of threats and bad actors.

Presentation Material

Slides

Recorded video

from RubyKaigi on YouTube

Schedule

Presentation Material

Recorded video