DjangoCon Europe 2026

Oh, I Found a Security Issue
2026-04-15, AMPHITHEATRE

Ever thought about what happens when someone finds a security issue in Django? How do you disclose an issue responsibly? What happens after that? How does the Django team work on it? What happens until a security release is published? What comes afterward? And what impact do AI and LLMs have on Django and its security?


This talk is your behind-the-scenes guide to Django's best-in-class security processes. I’ll give an introduction to how the team handles security issues: the triaging, fixing, disclosure process, and releases.

I will then review the history of Django’s security issues to identify hotspots and areas to look out for. Lastly, I will explore the impact of AI and LLMs on the security of Django as well as its security team.

The talk will give you everything you need to interact with Django’s security team when needed, and show how Django's security process can act as an example for other open source projects.


Topics:

Community, Security

Audience Level:

Beginner

Django has been a part of my life for over 15 years. And again, in my current position as a software engineer, it's the foundation of the job. While there have been times when I contributed to Django's code base regularly, these times have receded. However, I remain a member of Django's security and ops teams, which I've been on for almost a decade now.