Completed
Embedded open source SW inside binaries
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Detecting and Fixing CVE Security Issues in Yocto-Based Embedded Linux Distributions - Mikko Rapeli
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Motivation
- 3 poky reference distribution
- 4 Layered architecture
- 5 Differences between Debian/Ubuntu and yocto?
- 6 Bitbake recipe is the source package
- 7 What is a CVE security issue?
- 8 CVE data fields
- 9 Example CVE
- 10 CPE: Common Platform Enumeration
- 11 CVE data is buggy
- 12 Linux distro users?
- 13 What yocto CVE check does?
- 14 CVE check output for busybox
- 15 Yocto community maintenance
- 16 Update or patch?
- 17 Update minor version
- 18 Full distro version updates
- 19 Problems and limitations in yocto CVE scanning and patching, and CVE scanning in general
- 20 Fix name matching with CVE_PRODUCT
- 21 Fix version matching with CVE_VERSION
- 22 Emedded source code in open source
- 23 Embedded open source SW inside binaries
- 24 Bad CVE data
- 25 Incomplete CVE data
- 26 Too complex patches