January 22, 2020

149 words 1 min read

OSS CVE Trends

OSS CVE Trends

Nowadays security incident is increasing more and more. Then lots of vendor/community/institute are making efforts to find vulnerability on software. Not only commercial software, but also OSS is havi …
Talk Title OSS CVE Trends
Speakers Kazuki Omo (Executive Officer, SIOS Technology Inc.)
Conference Open Source Summit Japan
Conf Tag
Location Tokyo, Japan
Date May 31-Jun 2, 2017
URL Talk Page
Slides
Video Talk Video

Nowadays security incident is increasing more and more. Then lots of vendor/community/institute are making efforts to find vulnerability on software. Not only commercial software, but also OSS is having vulnerability (remember HeartBleed, DirtyCow, and so on). Then lots of security researchers are reporting vulnerability and publish it with CVE-ids which is assigned by MITRE. In this Presentation, Kazuki Omo will report recently trends of OSS CVE (2015-2017), and tell what kind of vulnerability are focused nowadays and how you can get vulnerability information quickly.

security oss incident vulnerability
comments powered by Disqus
How to launch and run a successful bug bounty program: A security team perspective

How to launch and run a successful bug bounty program: A security team perspective

January 22, 2020

Launching a bug bounty program is hard. Running and maintaining a successful bug bounty program is even harder. Using real-world stories of both failure and success, Alexandra Ulsh details how Mapbox's security team used tools, processes, automation, and empathy to decrease response time by 90%, reduce noise, and improve average report quality for its bug bounty program.
Enterprise security: A new hope

Enterprise security: A new hope

January 22, 2020

The frequency and impact of recent high-profile breaches has been positively depressing. However, a new type of security engineering is taking root, which suggests hope for effective corporate security at enterprise scale. Haroon Meer highlights these hopeful examples in a bid to encourage more people to plot a course toward achievable security.
Secure coding practices and automated assessment tools

Secure coding practices and automated assessment tools

January 22, 2020

Drawing from their experience performing vulnerability assessments of critical middleware, Bart Miller and Elisa Heymann walk you through the programming practices that can lead to security vulnerabilities and demonstrate how to automate tools for finding security weaknesses. You'll learn skills critical for software developers and analysts concerned with security.
Live Patching, Virtual Machine Introspection and Vulnerability Management: A Primer and Practical Guide

Live Patching, Virtual Machine Introspection and Vulnerability Management: A Primer and Practical Guide

January 21, 2020

The talk covers several technologies and best practices to managing Security Vulnerabilities, which are told as interconnected stories. We will cover how the largest clouds in production came togeth …
Securing Your DNS Infrastructure in 5 Minutes

Securing Your DNS Infrastructure in 5 Minutes

January 21, 2020

DNS is critical to the operation of just about every organization operating today, but too many organizations overlook DNS as part of their security plan. This talk provides a practical step by step guide to ensuring an organization's DNS is secure.
Shifting to security awareness 2.0

Shifting to security awareness 2.0

January 21, 2020

Jason Hoenich explores the risks related to delivering poor awareness programs rather than adapting to changing needs and demands of the attack surface and learning behaviors of humans. Incorporating the key fundamental behavioral psychology nodes for establishing true culture change, and making the experience of the end user will move our programs to Security Awareness 2.0.