Loopconf happened last week and there are a bunch of amazing sessions that are available online. One that really jumped out to me was Andrew Nacin's session on a pretty big fix that took a number of years to complete.
Andrew Nacin, lead developer of WordPress, just finished a talk at Loopconf, where he talked about a series of related WordPress security fixes that spanned two years, with the final fix included into WordPress core under the guise of Emoji support.
Source: The trojan Emoji | Post Status