Linux Foundation

Surviving the CVE Firehose: Strategies for Open Source Product Security

Linux Foundation via YouTube

Overview

Explore strategies for managing and surviving the onslaught of security vulnerabilities in open source products. Learn about Common Vulnerability Enumeration (CVE) IDs, privately known security vulnerabilities, and 0-day vulnerabilities. Discover techniques to effectively manage product security, improve over time, and avoid feeling overwhelmed. Gain insights into the nature of security vulnerabilities, the importance of update mechanisms, and methods for tracking vulnerabilities. Examine concepts such as attackable surface area, privilege management, and code reviews. Consider the value of seeking outside expertise and understand the potential for including CVE messages in kernel commits. Equip yourself with the knowledge to protect your open source product and thrive in the face of constant security challenges.

Syllabus

Introduction
What is a security vulnerability
The Venn diagram
What are security vulnerabilities
Is it secure
Is it compromised
Is it vulnerable
WordPress vulnerability
Traditional hacker
Money
Chromium Bug Bounty
How Much Do They Pay
What Is A CVE
The Silent Bug Fix
How Does This Help Me
Include An Update Mechanism
How To Track Vulnerabilities
Ikey Aikido Dirty
Attackable Surface Area
Privilege
Code Reviews
Should an outside company seek outside expertise
Are there plans to put CVE messages in kernel commits

Taught by

Linux Foundation
