Overview
Learn about the 8-year security journey of the Zephyr project in this 29-minute conference talk presented by Kate Stewart from The Linux Foundation. Discover how this open-source IoT project addressed the challenge of standardizing security best practices since its 2016 launch. Explore the implementation of crucial security measures, including the establishment of a CVE Numbering Authority and the formation of a volunteer-based Product Security Incident Response Team (PSIRT) comprising professionals from various companies. Gain valuable insights into managing embargo windows, handling bulk vulnerability reports, and addressing community-reported security issues. Take away key lessons from Zephyr's successful implementation of security best practices that can be applied to other open-source projects.
Syllabus
Lessons Learned on Following Security Best Practices in Zephyr - Kate Stewart, The Linux Foundation
Taught by
Linux Foundation