CVE Triage, CVE Checker Analysis, and Vendor PR in Yocto Project Security - YPS 2023.11
Yocto Project via YouTube
AI Engineer - Learn how to integrate AI into software applications
Learn the Skills Netflix, Meta, and Capital One Actually Hire For
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore a comprehensive presentation on CVE management and security initiatives within the Yocto Project ecosystem. Learn about the Security Response Tool (SRTool) and its role in CVE triage, as well as new proposals to address staffing challenges in this critical process. Discover recent enhancements to SRTool that integrate with Yocto Project's CVE Checker tool, improving analysis capabilities. Delve into the community-wide issue of CVE scanners not recognizing patched packages when version numbers remain unchanged, and examine potential solutions, including the proposed "vendor_pr" system. Gain valuable insights into improving security practices and addressing misconceptions about Yocto Project's security posture.
Syllabus
YPS 2023.11 - 2023/11/30 - David Reyna - CVE Triage, CVE Checker analysis, and “vendor_pr"
Taught by
Yocto Project