A huge part of the appeal of free software is the security offered by the openess of the code, but this only work if people actually look at code to find security issues. In this talk, we will take a look at the most common patterns of security issues, how can they be spotted using specific tools or just by looking and where should you look in priority to find something exploitable. We will then show how you should react if you found a bug, how to get a CVE and what happen after.
