Explore a comprehensive presentation on CVE management and security initiatives within the Yocto Project ecosystem. Learn about the Security Response Tool (SRTool) and its role in CVE triage, as well as new proposals to address staffing challenges in this critical process. Discover recent enhancements to SRTool that integrate with Yocto Project's CVE Checker tool, improving analysis capabilities. Delve into the community-wide issue of CVE scanners not recognizing patched packages when version numbers remain unchanged, and examine potential solutions, including the proposed "vendor_pr" system. Gain valuable insights into improving security practices and addressing misconceptions about Yocto Project's security posture.
CVE Triage, CVE Checker Analysis, and Vendor PR in Yocto Project Security - YPS 2023.11
Yocto Project via YouTube
Overview
Syllabus
YPS 2023.11 - 2023/11/30 - David Reyna - CVE Triage, CVE Checker analysis, and “vendor_pr"
Taught by
Yocto Project
Related Courses
-
How to Submit a CVE Fix to the Yocto Project - YPS 2023.11
-
Yocto Project Security: Now and the Future - YPS 2023.11
-
Yocto Project: Hands-on Tutorial with Devtool - YPS 2023.11
-
Detecting and Fixing CVE Security Issues in Yocto-Based Embedded Linux Distributions - Mikko Rapeli
-
Yocto Project Reference Kernel Status Update - YPS 2023.11
-
How to Contribute to the Yocto Project - YPS 2023.11
