Explore strategies for managing and surviving the onslaught of security vulnerabilities in open source products. Learn about Common Vulnerability Enumeration (CVE) IDs, privately known security vulnerabilities, and 0-day vulnerabilities. Discover techniques to effectively manage product security, improve over time, and avoid feeling overwhelmed. Gain insights into the nature of security vulnerabilities, the importance of update mechanisms, and methods for tracking vulnerabilities. Examine concepts such as attackable surface area, privilege management, and code reviews. Consider the value of seeking outside expertise and understand the potential for including CVE messages in kernel commits. Equip yourself with the knowledge to protect your open source product and thrive in the face of constant security challenges.
Surviving the CVE Firehose: Strategies for Open Source Product Security
Overview
Syllabus
Introduction
What is a security vulnerability
The Venn diagram
What are security vulnerabilities
Is it secure
Is it compromised
Is it vulnerable
WordPress vulnerability
Traditional hacker
Money
Chromium Bug Bounty
How Much Do They Pay
What Is A CVE
The Silent Bug Fix
How Does This Help Me
Include An Update Mechanism
How To Track Vulnerabilities
Ikey Aikido Dirty
Attackable Surface Area
Privilege
Code Reviews
Should an outside company seek outside expertise
Are there plans to put CVE messages in kernel commits
Taught by
Linux Foundation
Tags
Related Courses
-
Matching CVEs and Source Code for Vulnerability Detection
-
Open Source CVE Monitoring and Management - Cutting Through the Vulnerability Storm
-
Open Source Approaches to Security for Applications and Services - Mozilla Case Study
-
Open Source Supply Chain Threat Landscape - A Moving Target
-
Are We Forever Doomed to Software Supply Chain Security?
