This talk is about best practices FOSS projects can use to preempt and respond to vulnerabilities. How security reports are received and how security patches are announced makes a huge impact on overall security. A few precautions and a plan goes a long way to protect end users. For example, every project should have a Security Policy so that researchers know where to report an issue. And a plan for who to notify during coordinated response disclosure will make communication smoother. This talk is for FOSS projects who want to protect their users by taking responsibility of their security.
Session author's bio
I work for the Ubuntu Security Team to do security maintenance, audit software, manage CVE assignments, and answer community questions.
|Level of Difficulty||Beginner|