Learn about the 8-year security journey of the Zephyr project in this 29-minute conference talk presented by Kate Stewart from The Linux Foundation. Discover how this open-source IoT project addressed the challenge of standardizing security best practices since its 2016 launch. Explore the implementation of crucial security measures, including the establishment of a CVE Numbering Authority and the formation of a volunteer-based PSIRT team comprising professionals from various companies. Gain valuable insights into managing embargo windows, handling bulk vulnerability reports, and addressing community-reported security issues. Take away key lessons from Zephyr's successful implementation of security best practices that can be applied to other open-source projects.
Lessons Learned on Following Security Best Practices in Zephyr
Overview
Syllabus
Lessons Learned on Following Security Best Practices in Zephyr - Kate Stewart, The Linux Foundation
Taught by
Linux Foundation
Tags
Related Courses
-
Zephyr Project - Results from Applying Open Source and Security Best Practices
-
Zephyr RTOS - Applying Open Source Best Practices
-
SBOM Everywhere - Understanding Software Bill of Materials
-
SBOMs: Essential for Embedded Systems
-
The Zephyr Project Security Overview, Progress, and Status
-
Zephyr Project - An RTOS to Change the Face of IoT
