OSV and the Life of an Open Source Vulnerability

OpenSSF via YouTube

Overview

Explore the challenges and solutions in managing open source vulnerabilities through this 24-minute conference talk by Andrew Pollock from Google. Dive into the world of OSV (Open Source Vulnerabilities) and learn how it addresses the complexities of vulnerability management throughout the software development life cycle. Discover the OSV Schema, its adoption across various open source ecosystems, and its role in creating a comprehensive, distributed vulnerability database. Examine real-world implementations of the OSV Schema and its application in solving challenges related to C/C++ library vulnerabilities. Follow the journey of a typical software development life cycle, focusing on vulnerability remediation and the integration of OSV. Gain insights into reducing false positives, auto-generating VEX statements, and implementing a "guided remediation" workflow to efficiently address known vulnerabilities in dependency graphs.

Syllabus

OSV and the Life of an Open Source Vulnerability - Andrew Pollock, Google

Taught by

OpenSSF
