Improving FOSS Security

By Mark Esler

Session

TR413-1, 2024-08-03, 02:00 ~ 02:30 (UTC), en

This talk is about best practices FOSS projects can use to preempt and respond to vulnerabilities. How security reports are received and how security patches are announced have a huge impact on overall security. A few precautions and a plan go a long way toward protecting end users. For example, every project should have a Security Policy so that researchers know where to report an issue, and a plan for who to notify during coordinated response disclosure will make communication smoother. This talk is for FOSS projects that want to protect their users by taking responsibility for their security.

Speaker

Mark Esler

I am an Ubuntu Security member who focuses on security maintenance, auditing software, coordinating vulnerabilities, and working to harden Ubuntu compiler flags.

Open Source Policy SDLNEV general (30 mins)