Trends in Open Source Security

Zitieren

FOSDEM VZW

Weimer, Florian

Formale Metadaten

Titel

Trends in Open Source Security

Serientitel

FOSDEM 2013

Anzahl der Teile

Autor

Weimer, Florian

Lizenz

CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/40335 (DOI)

Herausgeber

FOSDEM VZW

Erscheinungsjahr

2014

Sprache

Englisch

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

When dealing with free and open-source software, we have to work together with reporters, upstream developers and other distributions to protect end users from security threats. For distributions, it is a challenge to deal with a huge collection of software packages, both internally and externally developed, employing many different development procedures. This talk looks at best practices which emerged for vulnerability tracking. Tracking already reported vulnerabilities is only one aspect, however. We discuss tool-chain based hardening features (which can sometimes turn vulnerabilities exploitable for code execution into mere crashers), some remaining low-hanging fruits in this area, and more radical approaches for avoiding low-level vulnerabilities related to memory safety. Some of the APIs we provide are difficult to use, and we look at ways to detect API misuse statically, across an entire distribution.