August 19-21 - Co-Located Events
August 21-23 - Conference
Hilton San Diego Bayfront - San Diego, CA
More information for Open Source Summit + Embedded Linux Conference North America 2019
Wednesday, August 21 • 5:10pm - 5:45pm
Open Source CVE Monitoring and Management: Cutting Through the Vulnerability Storm - Akshay Bhat, Timesys*

A key aspect of maintaining device security is monitoring and addressing known vulnerabilities in open source software in a timely fashion. This presentation will help you get started with the process of monitoring CVEs, determining applicability, assessing the severity and finding fixes.

We take a deeper dive into some of the challenges in tracking CVEs due to NVD/MITRE feeds having incorrect/missing data, leading to missed vulnerabilities and a false sense of security. The problem is compounded by inaccuracies in scanning tools and the way fixes are tagged in build systems, resulting in an alarming number of false positives.

We review the CVEs reported by cve-check-tool in Yocto and determine the root cause for inaccuracies. We also discuss techniques to mitigate the issues so that the entire community can benefit. This presentation will enable you to improve your device security posture.


Akshay Bhat

CTO, Timesys
Akshay Bhat is CTO at Timesys. Akshay’s experience with embedded systems spans a broad range of industries with a focus on board bring-up, driver development and software security. Akshay received his MS in Electrical Engineering from NYU Polytechnic University. Akshay has presented...

Wednesday August 21, 2019 5:10pm - 5:45pm PDT
Indigo BF
  Embedded Linux Conference
  • Session Slides Included Yes
  • Session Recorded Yes