Written by Bruce, 21 Mar 2017
Reporting a Security Issue in Erlang/OTP
Please follow this document in order to report the issues regarding security in Erlang/OTP. Please do not create a public issue for a security issue.
The risk level is often determined by a product of the impact once exploited, and the probability of exploitation occurring. In other words, if a bug can cause great damage, but it takes highest privilege to exploit the bug, then the bug is not a high risk one. Similarly, if the bug is easily exploitable, but its impact is limited, then it is not a high risk issue either.
There is not any hard and fast rule to determine if a bug is worth reporting as a security issue to erlang-security [at] erlang [dot] org. A general rule is that an attack by someone that has no access to the Erlang application or its system can affect the confidentiality, integrity and availability.
All security bugs in the Erlang/OTP distribution should be reported to erlang-security [at] erlang [dot] org. Your report will be handled by a small security team at the OTP team. Your email will be acknowledged as soon as we start handling the issue.
Please use a descriptive email title for your report. After the initial response to your report, the security team will keep you updated on the progress and decision being made towards a fix and release announcement.
If you believe that an existing public issue on bugs.erlang.org is security-related, we ask that you send an email to erlang-security [at] erlang [dot] org. The email title should contain the issue ID on bugs.erlang.org (e.g. Flagging security issue ERL-001). Please include a short description to motivate why it should be handled according to the security policy.
Written by Bruce, 5 Dec 2016
We have just released the source code for erlang.org website on Github.
The website is written in Cowboy, ErlyDTL and sumo_db. It is licensed under Apache License 2.0. You can follow the instructions to set up.
The erlang.org website is developed and maintained by Industrial Erlang User Group in collaboration with Erlang/OTP team at Ericsson.
Written by Bruce, 21 Apr 2015
Join us in Stockholm on 11-12 June for great talks about Erlang/OTP and Elixir innovations, the latest Erlang projects from companies such as Klarna, Machine Zone, Ericsson and much more: http://www.erlang-factory.com/euc2015/#home
Among the speakers are Erlang's co-inventor Robert Virding, functional expert Bodil Stokke, University of Kent professor Simon Thompson, Neotoma creator Sean Cribbs, author of the Cowboy web server Loïc Hoguin, Joacim Halén - Ericsson cloud technology researcher, Fredrik Linder - Erlang lead at Machine Zone, Alvaro Videla- co-author of ‘RabbitMQ in action’, professor Kevin Hammond from University of St. Andrews, and Mikael Pettersson - senior developer at Klarna.
The Conference will be preceded by one day of tutorials at Ericsson on 10 June and 3 days of expert on 8-10 June: http://www.erlang-factory.com/euc2015/training#erlang-express-810-june
Written by Bruce, 13 Mar 2015
Tags: [ CodeOfConduct ]
Written by Bruce, 2 Mar 2015
Erlang User Conference 2015
Stockholm 11-12 June
Call For Talks ends on 17 March
EUC 2015 will take place on 11-12 June, with one day of tutorials on 10 June and 3 days of expert training on 8-10 June: http://www.erlang-factory.com/euc2015
We are looking for passionate people who made an interesting innovation, open-source application or product with Erlang/OTP/Elixir. If you used Erlang or Elixir in a real-world project or you developed a cool tool, we want to hear about it! We are seeking talks aimed at beginners as much as for talks suited for more experienced users. This is to help newer members to the Erlang community make the maximum out of the EUC as well.
The deadline for talk proposals is 17 March, please submit your talk here: http://goo.gl/forms/bO9kU9PYrr
Written by Bruce, 13 Nov 2014
We are aware that parts of erlang.org need improvement. For example http://www.erlang.org/article/tag/examples and http://www.erlang.org/course/course.html are outdated. We would like to see a number of small code examples for beginners. The purpose of these examples is to provide an attractive and useful introduction for people who are interested in adopting the Erlang programming language.
Please send your input to firstname.lastname@example.org. We would like to call for help from the community since OTP team does not have too much time and it is not possible to submit pull requests for editorial of erlang.org as of now.
Any other suggestions for erlang.org are always welcome.
Written by Bruce, 1 Sep 2014
Berlin EFL is back on 4 December, and we hope this year will be at least as fun as last year. The Call for Talks will be open until 10 October, but we tend to have more talks submitted than we have slots available, so the earlier you send yours the better your chances.
Have you made an interesting innovation, open-source application or product with Erlang/OTP? Have you used Erlang in a real-world project and want to present a case study? Or maybe you developed a cool tool? Let the crowd know about it!
IMPORTANT: Elixir talks also welcome this year :)
Link to website: http://www.erlang-factory.com/berlin2014/home