Loading…
Attending this event?
August 19-21 - Co-Located Events
August 21-23 - Conference
Hilton San Diego Bayfront - San Diego, CA
More information for Open Source Summit + Embedded Linux Conference North America 2019
Wednesday, August 21 • 5:10pm - 5:45pm
Open Source CVE Monitoring and Management: Cutting Through the Vulnerability Storm - Akshay Bhat, Timesys*

Sign up or log in to save this to your schedule and see who's attending!

Log in to leave feedback.
A key aspect to maintaining device security is monitoring and addressing known vulnerabilities in open source software in a timely fashion. This presentation will help you get started with the process of monitoring CVE's, determining applicability, assessing the severity and finding fixes.

We take a deeper dive into some of the challenges in tracking CVE's due to NVD/MITRE feeds having incorrect/missing data, leading to missed vulnerabilities and a false sense of security. The problem is compounded by inaccuracies in scanning tools and the way fixes are tagged in build systems resulting in a alarming number of false positives.

We review the CVE's reported by cve-check-tool in Yocto and determine the root cause for inaccuracies. We also discuss techniques to mitigate the issues so that the entire community can benefit. This presentation will enable you to improve your device security posture.

Speakers
avatar for Akshay Bhat

Akshay Bhat

Technical Director - Security, Timesys
Akshay Bhat is Technical Director – Security at Timesys. Akshay’s experience with embedded systems spans a broad range of industries with a focus on board bring-up, driver development and software security. Akshay received his MS in Electrical Engineering from NYU Polytechnic... Read More →



Wednesday August 21, 2019 5:10pm - 5:45pm
Indigo BF
  • Session Slides Included Yes
  • Session Recorded Yes