Explore a research presentation examining current open-source software vulnerability disclosure practices through an analysis of security advisories and bug bounty reports. Gain insights from interviews with 17 OSS maintainers and collaboration with MITRE to address bottlenecked CVEs. Learn about key challenges in vulnerability review processes, critical gaps in the National Vulnerability Database documentation, and ranked difficulties faced by OSS maintainers in vulnerability management. Discover actionable recommendations for enhancing project security, improving review efficiency, and implementing more effective vulnerability disclosure practices across the open-source ecosystem. Understand the current state of OSS security and its implications for maintainers, contributors, vulnerability database administrators, and the broader open-source community.
A Glimpse Into Open Source Software Vulnerability Disclosure Practices
Overview
Syllabus
A Glimpse Into OSS Vulnerability Disclosure Practices - Jessy Ayala, UC Irvine
Taught by
OpenSSF
Related Courses
-
Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software
-
What You Need to Know and Do About Vulnerability Disclosure
-
The Role of Empathy in Vulnerability Disclosure Practices for Software Vendors - 2017
-
Nix zu verstecken! Erstellung und Veröffentlichung von CVEs für Open Source Software
-
Vulnerability Disclosure, Governments and You
-
Coordinated Vulnerability Disclosure - You’ve Come a Long Way, Baby
