At Code BEAM Europe 2025 @maennchen.dev : War stories from a security disaster. What to do when everything breaks.

🗓️ Nov 7- BEAM Unconference 1000-1500 7/11 luma.com/qyfevatp Lightning talks, deep dives & community.

💜 @elixir-lang.org v1.19 is the first release with OpenChain certification — bringing more transparency and trust to the BEAM ecosystem. Big thanks to @maennchen.dev and our sponsor Herrmann Ultraschall for making this milestone possible! 👏 🔗 elixir-lang.org/blog/2025/02... #Elixilang

I received a small donation mentioning ads.fund, which apparently created a token around my open-source project. I’m not sure what to make of it and would appreciate community input on whether it’s legitimate or something to distance from. github.com/maennchen/Zi...

Hey folks! We have a CVE up for #AshFramework bypass policies. It's a *highly unlikely edge case*. But, as always, we take security extremely seriously and will always follow proper procedure here. Props to @maennchen.dev for reporting and resolving 🙇

Elixir Radar issue 486 is out! 📣 You can read it here: buff.ly/2UM7hp6 This issue comes with content from @shahryar-tbiz.bsky.social @katafrakt.bsky.social @maennchen.dev @elixircasts.io , Matt Savoia and Yatender Singh . Thank you! #ElixirLang

We have made major progress toward CRA readiness for the BEAM ecosystem! 🔙So far: CNA operations, OpenChain certification, and more already in place. 🔜Next up: signed OTP builds to lower compliance costs and strengthen sustainability. security.erlef.org/assets/aegis...

Another 🔥 package release from @maennchen.dev 😎 AshDiagram is a library for generating beautiful diagrams to visualize your #AshFramework applications. Generate Entity Relationship, Class, C4 Architecture, and Policy diagrams directly from your Ash resources and domains. 🚀

What if the BEAM got hit by a worm? 🪱 We’ve been lucky so far — but luck runs out. The Ægis Initiative is how we defend our ecosystem. 👉 Read more & support: erlef.org/blog/eef/bea... #Erlang #Elixirlag #Gleam

One package. One update. A worm crawling through the BEAM ecosystem. A dark “what if” — and how we can stop it before it’s real. erlef.org/blog/securit... #erlang #elixirlang

There‘s still a bit to go to making this happen. Rebar is an important piece to using erlang not just for erlang, but just as much for elixir, gleam, … Consider backing this effort.

@maennchen.dev has just released the first version of Clarity: hexdocs.pm/clarity/Clar... Clarity is an interactive introspection and visualization tool for Elixir projects.

Cool!!! @maennchen.dev introduces Clarity! @ash-hq.org #elixirlang

The first part of the last afternoon gave us insights on how to handle a security disaster, converting from old code to new and our host @lawik.bsky.social showed us thousands of VMs running on the same machine. #goatmire #elixir

Proud to back the Rebar4 Kickstarter — moving the BEAM ecosystem forward with the community. 🙌

Hey folks, we have a CVE for #AshFramework. `before_transaction` hooks will execute in certain scenarios (bulk action calls) even if the action is forbidden by policies. Please update Ash core to 3.5.39. For more see: github.com/ash-project/... #AshFramework #ElixirLang

Stretch goal 2 (inclusion in Erlang/OTP itself) would solve the #1 thing people get stuck on when trying to get started with Gleam or Erlang! www.kickstarter.com/projects/pee...

I just backed From Rebar3 to Rebar4: Integrating with Erlang/OTP on @kickstarter.com www.kickstarter.com/projects/pee... #elixir

Community growth needs collective action Roadmap for outreach and engagement ‪@danj3.bsky.social‬ on taking responsibility for Elixir's future through community championship. #ElixirConfUS

Security incident response: from panic to patch CVEs, Hex retirement, vulnerability scanners ‪@maennchen.dev‬shows how to handle security disasters with transparency and leadership.

Had a great chat with @zachdaniel.dev and @maennchen.dev during a break at @elixirconf.bsky.social about the Erlang Ecosystem Foundation and its role in security. #elixirlang

🚀 6 must-see talks at CodeBEAM Europe 2025: Gleam careers, workflow orchestration, VPP with Elixir, security disasters, BEAM+Rust combo, and taming 20M Oban jobs! Featuring @ihh.dev @maennchen.dev codebeameurope.com#register

👉🏽 "From Freakout to Fix: Navigating a Security Disaster" Our Foundation's CISO - @maennchen.dev - will be speaking at @elixirconf.bsky.social on how to handle serious security holes — without melting down. 📢 Don’t miss it: elixirconf.com/talks/from-f... #ElixirLang #Security #BEAM

🎙️ @maennchen.dev joins the latest @openssf.org podcast! In this SOSS episode, he shares how the Erlang community is proactively addressing security concerns, why manufacturers are investing in upstream projects — and what other ecosystems can learn from their approach. Listen! shorturl.at/iKdG7

🎉 Today we celebrate #OpenSSFCommunity Day NA 2025, welcoming six new member organizations and honoring incredible contributors with the Golden Egg Awards 🥚. Read the full update: 🌐 openssf.org/blog/2025/06... #OpenSSF #OpenSource #SoftwareSecurity #OSS

🙌 Welcome to another #GettingToKnowUs edition! This time we got to meet @maennchen.dev a seasoned developer and lead engineer, with contributions to projects like the certified #OpenID Connect client for the #BEAM. He is currently the CISO of our Foundation. 🔗 erlef.org/blog/marketi...

Watch out folks, there's a CVE for the Erlang zip module. Update to the latest patch release when you can cna.erlef.org/cves/cve-202...

In part two of our talk with @maennchen.dev (CISO at @theerlef.bsky.social), we dive into the real security challenges BEAM developers face. From CVE tracking to practical tips for open source teams, this is about building safer systems from the start, not patching them too late. 🎥 bit.ly/45WjT3y

Security is most effective when it is built in from day one. In part one of our latest webinars with @maennchen.dev, CISO @theerlef.bsky.social, he shares his experience using SAFE, our security audit service for Erlang and Elixir systems. 🔒

Elixir 1.19 is a banger! Honestly I'm so pleased with the direction that #ElixirLang is going. My programs just get faster and more correct every time. I just know that we're in good hands. Thank you to everyone on the team for your hard work! github.com/elixir-lang/...

🔐Security and the BEAM Ecosystem In this insightful session organized by @erlangsolutions.bsky.social, @maennchen.dev — CISO at our Foundation —shares how the BEAM community is stepping up its open source security efforts, including becoming an official CNA www.erlang-solutions.com/webinars/sec...

Did the required work this morning to get #AshFramework passing the OpenSSF Best Practices certification, and to get our OpenSSF Scorecard. Thanks again to @maennchen.dev from @theerlef.bsky.social for his expert council and advice. See the scorecard here: scorecard.dev/viewer/?uri=... #ElixirLang

🎥 What’s new at the EEF? Alistair Woodman, @maennchen.dev & Dan Janowski share big updates: 🔐 We’ve joined the CVE® Program as an official CNA 🛡️ Launched the Ægis Initiative to boost security Must-watch for the BEAM community! ▶ youtu.be/5WqMpSt_rRE

Not an Ash talk. Not an Igniter talk. Is easy to couple Zach Daniel to his massive efforts in the Ash framework but ever since I met him the phrase "Elixir ride or die" live rent-free in my head. I must not say much about the talk itself. You need to see it. goatmire.com/speaker/zach... #elixirlang

Serious monday for a serious topic. Navigating security problems doesn't have to be all dread and cold sweat. Jonatan Männchen is the CISO of the Erlang Ecosystem Foundation. He will take you on the journey in his talk to get you ready. goatmire.com/speaker/jona... #elixirlang

✨Thanks to everyone who joined our talk at @elixirconf.bsky.social! We loved sharing everything we’ve been working on — from the Foundation to the community. Big shoutout to all the amazing speakers for the inspiring lightning talks, and to everyone who made this event so special! #Elixirlang

#ElixirLang ❤️ @theerlef.bsky.social I firmly believe the EEF will play an ever increasing role in the success of the Elixir ecosystem, and I intend to do my part to support them in this effort. Our community is growing and the need for coordination on things that impact us all grows alongside it. 👇

The EEF board 2025 Election Vote is over! 🗳 Cohort C contains the following new three members: @lawik.bsky.social, Lee Barney, @zachdaniel.dev 👏 We’re thankful for everyone who decided to get involved by running, and those who made their voices heard by voting. erlef.org/blog/eef/ele...

Erlang Ecosystem Foundation is now a CVE Numbering Authority (CNA) assigning CVE IDs for vulnerabilities in active packages on Hex.pm + projects on GitHub under elixir-lang, erlang, erlef-cna, erlef, gleam-lang, & hexpm, unless covered by the scope of another CNA cve.org/Media/News/i...

🚨We’ve officially joined the CVE® Program as an authorized CVE Numbering Authority! 🔐 This means we can now assign CVE IDs to publicly disclosed cybersecurity vulnerabilities in our defined scope, helping improve security and transparency in the broader open-source community shorturl.at/0bOxC

📢 New API Key strategy for @ash-hq.org merged 🎉. github.com/team-alembic... Massive shoutout (once again) to @maennchen.dev at @theerlef.bsky.social for his invaluable guidance on implementing this securely. #AshFramework #ElixirLang

💫Just released: a GitHub Action to submit Elixir/Mix dependencies via GitHub's Dependency Submission API. ✅ Perfect for unlocking security alerts, dependency graphs, and Dependabot Security updates! Check it out: github.com/erlef/mix-de... #Elixirlang

📢Why did we launch the Ægis Initiative? Because we believe a safer BEAM ecosystem benefits us all 🔒Elevate ecosystem-wide security ✅Streamline compliance readiness 🤝Foster trust and transparency 🌍Democratize access to advanced security 🚀Enable secure publishing workflows security.erlef.org/aegis/

BREAKING. From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.

Hey folks, we have a minor CVE issued for AshAuthentication. Please read the CVE and update accordingly. Relatively low severity, can't compromise a users data, but there is an opportunity for a user to be "confirmed" for an email they do not have access to. github.com/team-alembic...

🔐 Big news from the #Gleam community! The EEF Security Working Group helped @gleam.run include Build SBoMs and SLSA build provenance for all release artifacts and Docker images. This means greater visibility into dependencies and stronger software supply chain security💪 github.com/gleam-lang/g...

💜Join the Erlang Ecosystem Foundation! 🙌 Be part of a global community! Whether you're looking to connect, contribute, or stay informed, there’s a membership level for you! 👉Learn more: members.erlef.org/join-us #Erlang #Elixirlang #Gleam

👉Why join the @erlangworkshop.bsky.social? A while ago, we talked with Kiko Fernández Reyes from the program committee. If you work in industry, are an academic, or want to participate, listen to why this event matters! 💥 youtu.be/lSm8-jA-gsM?... #Erlang #MyElixirStatus #Gleam

🔒Big news! The EEF Security WG has launched the Supply Chain Security & Compliance Initiative! This initiative is focused on enhancing security and compliance across the BEAM ecosystem. All work is guided and reviewed by the WG and the EEF CISO security.erlef.org/aegis/ #Erlang #Elixirlang #Gleam