Trends in Open Source Security

Formal Metadata

Title
Trends in Open Source Security
Title of Series
Number of Parts
90
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
When dealing with free and open-source software, we have to work together with reporters, upstream developers and other distributions to protect end users from security threats. For distributions, it is a challenge to deal with a huge collection of software packages, both internally and externally developed, employing many different development procedures. This talk looks at best practices that have emerged for vulnerability tracking. Tracking already reported vulnerabilities is only one aspect, however. We discuss toolchain-based hardening features (which can sometimes turn vulnerabilities exploitable for code execution into mere crashers), some remaining low-hanging fruit in this area, and more radical approaches for avoiding low-level vulnerabilities related to memory safety. Some of the APIs we provide are difficult to use, and we look at ways to detect API misuse statically, across an entire distribution.