Upstream 2024 | How can we get CVEs out of GitHub Issues?

Поделиться
HTML-код
  • Опубликовано: 4 июн 2024
  • In this session I'll give an overview of what the problem is with submitting CVEs to GitHub issues-why it's frustrating for compliance teams and maintainers both. I'll cover the nature of vulnerability scanners and compliance requirements that make security teams submit numerous unvalidated vulnerabilities upstream. I'll also talk about why these reports drive maintainers crazy, and the current standards are unrealistic. I'll then highlight how the solution to this problem comes from both sides: clearer maintainer security policies and better understanding of what compliance requirements actually are. I'll talk about why Argo's security policy is a great starting place, and that vulnerability scanners need to focus on upstream direct dependencies instead of the endless transitive dependency pain.
  • НаукаНаука

Комментарии •

Следующие
Автовоспроизведение
Upstream 2024 | How to Make Your Open Source Project Popular20:00Upstream 2024 | How to Make Your Open Source Project Popular
Upstream 2024 | How to Make Your Open Source Project PopularTidelift
Просмотров 70
Upstream 2024 | Patch management needs a revolution41:44Upstream 2024 | Patch management needs a revolution
Upstream 2024 | Patch management needs a revolutionTidelift
Просмотров 115
The Secret to Vulnerability Management58:18The Secret to Vulnerability Management
The Secret to Vulnerability ManagementSANS Institute
Просмотров 18 тыс.
Despicable Mr. Puzzles16:42Despicable Mr. Puzzles
Despicable Mr. PuzzlesSMG4
Просмотров 1,4 млн
Lies Lies Lies03:19Lies Lies Lies
Lies Lies LiesMorgan Wallen - Topic
Просмотров 562 тыс.
Genshin Impact Version 4.8 Special Program #NewVersion #SpecialProgram #GenshinImpact36:55Genshin Impact Version 4.8 Special Program #NewVersion #SpecialProgram #GenshinImpact
Genshin Impact Version 4.8 Special Program #NewVersion #SpecialProgram #GenshinImpactGenshin Impact
Просмотров 1,2 млн
Sean Rii, Karyon, Sharzkii - Taungule [My Love] (Official Music Video)02:41Sean Rii, Karyon, Sharzkii - Taungule [My Love] (Official Music Video)
Sean Rii, Karyon, Sharzkii - Taungule [My Love] (Official Music Video)Sean Rii
Просмотров 153 тыс.
Upstream 2024 | Panel: New approaches to open source security and resilience from financial services50:32Upstream 2024 | Panel: New approaches to open source security and resilience from financial services
Upstream 2024 | Panel: New approaches to open source security and resilience from financial servicesTidelift
Просмотров 28
An example of how security teams respond to CVEs1:48An example of how security teams respond to CVEs
An example of how security teams respond to CVEsTidelift
Просмотров 20
Learn Jenkins! Complete Jenkins Course - Zero to Hero1:08:28Learn Jenkins! Complete Jenkins Course - Zero to Hero
Learn Jenkins! Complete Jenkins Course - Zero to HeroDevOps Journey
Просмотров 728 тыс.
new linux exploit is absolutely insane8:29new linux exploit is absolutely insane
new linux exploit is absolutely insaneLow Level Learning
Просмотров 424 тыс.
Upstream 2024 | Fireside chat: The value of open source software27:31Upstream 2024 | Fireside chat: The value of open source software
Upstream 2024 | Fireside chat: The value of open source softwareTidelift
Просмотров 69
Why Does Scrum Make Programmers HATE Coding?16:14Why Does Scrum Make Programmers HATE Coding?
Why Does Scrum Make Programmers HATE Coding?Thriving Technologist
Просмотров 501 тыс.
Scanning and Exploiting Vulnerabilities with Nessus!16:33Scanning and Exploiting Vulnerabilities with Nessus!
Scanning and Exploiting Vulnerabilities with Nessus!Tech Raj
Просмотров 3,8 тыс.
Upstream 2024 | Panel: State of the open source maintainer in 202448:09Upstream 2024 | Panel: State of the open source maintainer in 2024
Upstream 2024 | Panel: State of the open source maintainer in 2024Tidelift
Просмотров 60
Upstream 2024: Panel: Life after the xz utils backdoor hack44:42Upstream 2024: Panel: Life after the xz utils backdoor hack
Upstream 2024: Panel: Life after the xz utils backdoor hackTidelift
Просмотров 95
Не заряжает батарею / Робот-пылесос Kitfort | РЕМОНТ05:57Не заряжает батарею / Робот-пылесос Kitfort | РЕМОНТ
Не заряжает батарею / Робот-пылесос Kitfort | РЕМОНТRemonter
Просмотров 36 тыс.
Так ли Хорош Founders Edition RTX 4080 ?13:00Так ли Хорош Founders Edition RTX 4080 ?
Так ли Хорош Founders Edition RTX 4080 ?VIK-off
Просмотров 63 тыс.
PART 52 || DIY Wireless Switch forElectronic Lights - Easy Guide!01:01PART 52 || DIY Wireless Switch forElectronic Lights - Easy Guide!
PART 52 || DIY Wireless Switch forElectronic Lights - Easy Guide!HUBAB__OFFICIAL
Просмотров 28 млн
ПОЧЕМУ ГЕЙМЕРЫ ТАК НЕ ЛЮБЯТ ИЗОГНУТЫЕ МОНИТОРЫ?00:33ПОЧЕМУ ГЕЙМЕРЫ ТАК НЕ ЛЮБЯТ ИЗОГНУТЫЕ МОНИТОРЫ?
ПОЧЕМУ ГЕЙМЕРЫ ТАК НЕ ЛЮБЯТ ИЗОГНУТЫЕ МОНИТОРЫ?dizzi
Просмотров 910 тыс.
Собери ПК и Получи 10,000₽01:00Собери ПК и Получи 10,000₽
Собери ПК и Получи 10,000₽build monsters
Просмотров 2,3 млн
Лучше будет, но нескоро | Ryzen 9000, RTX 50, Core Ultra 200 и NPU | Что с рынком железа?21:49Лучше будет, но нескоро | Ryzen 9000, RTX 50, Core Ultra 200 и NPU | Что с рынком железа?
Лучше будет, но нескоро | Ryzen 9000, RTX 50, Core Ultra 200 и NPU | Что с рынком железа?Мой Компьютер
Просмотров 166 тыс.
Сравнили apple и xiaomi!00:21Сравнили apple и xiaomi!
Сравнили apple и xiaomi!По ту сторону Гугла
Просмотров 33 тыс.
he followed the finger movements #shortvideo #iphonefold #smartphone00:14he followed the finger movements #shortvideo #iphonefold #smartphone
he followed the finger movements #shortvideo #iphonefold #smartphoneSi pamerR
Просмотров 14 млн