Preparing for Zero-Day: Disclosure of security vulnerabilities in open source software

Preparing for Zero-Day: Disclosing Vulnerabilities in Open Source Software – Christopher Robinson, Intel; Anne Bertucio, Google & Art Manion, Carnegie Mellon University Software Engineering Institute

Open source software (OSS) is incredibly powerful – and while that power is often used for good, it can also be weaponized when OSS projects have software security vulnerabilities that attackers can exploit to compromise those systems, or even the entire software supply chains that those systems are part of. The Open Source Security Foundation is an open, cross-industry group whose goal is to improve the security of the open source ecosystem. In this presentation, members of the OpenSSF Vulnerability Disclosure Working Group give open source maintainers advice on what to do when researchers disclose vulnerabilities in your project's code – and we'll also answer any questions you may have about this often mysterious topic!