COSCUP 2024

Improving FOSS Security
2024-08-03, 10:00–10:30 (Asia/Taipei), TR413-1

This talk is about best practices FOSS projects can use to preempt and respond to vulnerabilities. How security reports are received and how security patches are announced has a huge impact on overall security. A few precautions and a plan go a long way toward protecting end users. For example, every project should have a Security Policy so that researchers know where to report an issue, and a plan for who to notify during a coordinated disclosure will make communication smoother. This talk is for FOSS projects that want to protect their users by taking responsibility for their security.

I am an Ubuntu Security member who focuses on security maintenance, auditing software, coordinating vulnerabilities, and working to harden Ubuntu compiler flags.