Overview
Explore a research presentation examining current open-source software vulnerability disclosure practices through an analysis of security advisories and bug bounty reports. Gain insights from interviews with 17 OSS maintainers and collaboration with MITRE to address bottlenecked CVEs. Learn about key challenges in vulnerability review processes, critical gaps in the National Vulnerability Database documentation, and ranked difficulties faced by OSS maintainers in vulnerability management. Discover actionable recommendations for enhancing project security, improving review efficiency, and implementing more effective vulnerability disclosure practices across the open-source ecosystem. Understand the current state of OSS security and its implications for maintainers, contributors, vulnerability database administrators, and the broader open-source community.
Syllabus
A Glimpse Into OSS Vulnerability Disclosure Practices - Jessy Ayala, UC Irvine
Taught by
OpenSSF