Improving FOSS Security By Mark Esler

議題

TR413-1 [[ new Date( '2024-08-03 02:00:00+00:00' ).toLocaleDateString('ja', {year: 'numeric', month: '2-digit', day: '2-digit'}) ]] [[ new Date( '2024-08-03 02:00:00+00:00' ).toLocaleTimeString('zh-Hant', {hour12: false, hour: '2-digit', minute:'2-digit'}) ]] ~ [[ new Date( '2024-08-03 02:30:00+00:00' ).toLocaleTimeString('zh-Hant', {hour12: false, hour: '2-digit', minute:'2-digit'}) ]] 英文 English

加入行事曆加入關注加入關注已關注

This talk is about best practices FOSS projects can use to preempt and respond to vulnerabilities. How security reports are received and how security patches are announced makes a huge impact on overall security. A few precautions and a plan goes a long way to protect end users. For example, every project should have a Security Policy so that researchers know where to report an issue. And a plan for who to notify during coordinated response disclosure will make communication smoother. This talk is for FOSS projects who want to protect their users by taking responsibility of their security.

講者

Mark Esler

I am an Ubuntu Security member who focuses on security maintenance, auditing software, coordinating vulnerabilities, and working to harden Ubuntu compiler flags.

Open Source Policy 開源政策 SDLNEV general (30mins)