Edinburgh, Scotland, UK
October 21 & October 25 | Co-Located Events, Tutorials, & Workshops
October 22-24 | Conference
Find out more information for Open Source Summit + Embedded Linux Conference & OpenIoT Summit Europe 2018

Please note that you can view and download presentations on the Open Source Summit and Embedded Linux Conference + OpenIoT Summit slides pages. 
View analytic
Monday, October 22 • 16:15 - 16:55
Setting up a Security Team for Your Project - Kate Stewart, The Linux Foundation & David Wheeler, Institute for Defense Analyses

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Great, you've put out your first release for your FLOSS project, but now someone has noticed there may be a problem. Bugs happen, and some of them may even be security vulnerabilities. How do you work with your project members to form a team for handling security concerns and deal with embargoes? This talk will go through some of the best practices as articulated in the CII badging program, that help a team prepare to handle security issues. As well it will overview the steps to become a CVE numbering authority (CNA), able to issue CVE's for your open source project. Zephyr project will be used as a case study to illustrate how these best practices have been applied.

avatar for Kate Stewart

Kate Stewart

Sr. Director of Strategic Programs, Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for the Open Compliance programs encompassing the SPDX, FOSSology, OpenChain, and other compliance related projects. Kate was one of the founders of SPDX, and is currently the specification lead. Since joining... Read More →

David Wheeler

Research Staff Member, Institute for Defense Analyses
Project lead for Core Infrastructure Initiative Best Practices program.

Monday October 22, 2018 16:15 - 16:55
Cromdale Hall A, Level -2

Attendees (127)