Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore vulnerability management strategies for Yocto-based Linux systems in this 42-minute conference talk from the Linux Foundation. Examine the challenges manufacturers face with EU Cyber Resilience Act (CRA) compliance, which requires vulnerability reporting starting September 2026. Compare multiple vulnerability management approaches including cve-check, yocto-vex-check, and third-party tools through practical use cases relevant to CRA-covered manufacturers. Analyze the effectiveness of each method using Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) documents. Learn about Fujitsu's extensive experience supporting SPDX functionality in the Yocto Project since 2016 and their recent OpenSSF participation to enhance global software supply chain security. Discover the strengths and limitations of current vulnerability management practices in Yocto-based systems and gain insights into selecting the most appropriate approach based on specific manufacturing contexts and regulatory requirements.
