Overview
Explore the challenges and solutions in managing open source vulnerabilities through this 24-minute conference talk by Andrew Pollock from Google. Dive into the world of OSV (Open Source Vulnerabilities) and learn how it addresses the complexities of vulnerability management throughout the software development life cycle. Discover the OSV Schema, its adoption across various open source ecosystems, and its role in creating a comprehensive, distributed vulnerability database. Examine real-world implementations of the OSV Schema and its application in solving challenges related to C/C++ library vulnerabilities. Follow the journey of a typical software development life cycle, focusing on vulnerability remediation and the integration of OSV. Gain insights into reducing false positives, auto-generating VEX statements, and implementing a "guided remediation" workflow to efficiently address known vulnerabilities in dependency graphs.
Syllabus
OSV and the Life of an Open Source Vulnerability - Andrew Pollock, Google
Taught by
OpenSSF