Open Source CVE Monitoring and Management: Cutting Through the Vulnerability Storm Presentation

This Embedded Linux Conference 2019 session is being presented by Akshay Bhat, Director of Engineering, Security Solutions at Timesys.



Session Date & Time: August 21, 2019 | 5:10 PM – 5:45 PM

Session Description:

A key aspect of maintaining device security is monitoring and addressing known vulnerabilities in open source software in a timely fashion. This presentation will help you get started with the process of monitoring CVEs, determining applicability, assessing severity, and finding fixes.

We take a deeper dive into some of the challenges in tracking CVEs: NVD/MITRE feeds have incorrect or missing data, which leads to missed vulnerabilities and a false sense of security. The problem is compounded by inaccuracies in scanning tools and by the way fixes are tagged in build systems, resulting in an alarming number of false positives.

We review the CVEs reported by cve-check-tool in Yocto and determine the root cause for inaccuracies. We also discuss techniques to mitigate the issues so that the entire community can benefit. This presentation will enable you to improve your device security posture.

You can follow Akshay’s security blogs at www.timesys.com/author/akshay_bhat.


Have questions about securing your embedded product and maintaining a strong security posture throughout its product lifecycle? Feel free to reach out to Akshay directly.
