Presented by: Jonatan Männchen – CISO at Erlang Ecosystem Foundation
Moderated by: Dali Khechine – SAFE team at Erlang Solutions
About this talk
Welcome to the second and final part of our conversation with Jonatan Männchen. In part one (SAFE and OIDC), he shared his experience using Erlang Solutions’ Security Audit for Erlang and Elixir (SAFE) to review an OpenID Connect (OIDC) client library for the BEAM ecosystem.
This time, the focus turns to the practical security challenges developers face when working with BEAM-based languages. Jonatan explains how the Erlang Ecosystem Foundation became a CVE Numbering Authority (CNA), what that means for package maintainers, and how the process of reporting and tracking vulnerabilities is being made more practical and useful.
While the session focuses on the BEAM ecosystem, the advice is relevant to any team looking to improve how they manage and prioritise security in open source software.
Jonatan also shares examples of what can go wrong when security is treated as an afterthought, from slow patching to fragile systems that cannot scale. He outlines practical steps that maintainers and teams can take to avoid common mistakes and build more secure foundations from the start.
What you’ll learn:
- Why the EEF became a CNA and how it helps the BEAM community
- Common security risks developers overlook and how to avoid them
- How better vulnerability tracking and tooling can reduce future problems
- Why early, simple steps toward security save time and effort later
Resources mentioned: