cross-posted from: https://lemmy.ml/post/20502769

here is the talk description, from its page on the schedule for KubeCon + CloudNativeCon + Open Source Summit China 2024 (which Linux Foundation somehow neglected to put in their youtube upload’s description):

In Febuary the Linux kernel community took charge of issuing CVEs for any found vulnerability in their codebase. By doing this, they took away the ability for any random company to assign CVEs in order to make their engineering processes run smoother, and instead have set up a structure for everyone to participate equally.

This talk will go into how the Linux CVE team works, how CVEs are assigned, and how you can properly handle the huge number of new CVEs happening in a simple and secure way.

今年二月,Linux内核社区开始负责为其代码库中发现的任何漏洞发布CVE编号。通过这样做,他们剥夺了任何随机公司分配 CVE 的能力,以便使他们的工程流程更顺畅,取而代之的是建立了一个人人平等参与的结构。

本次演讲将介绍 Linux CVE 团队的工作方式,CVE 的分配过程,以及如何以简单且安全的方式妥善处理大量新出现的 CVE。

Here is a PDF of the slides from Greg’s git repo for this talk.

    • Lucy :3@feddit.org
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      The joke doesn’t really make sense, Rust should only lower security problems. Except if C devs now try to use their old style of coding in Rust, with unsafe Rust.

      • thingsiplay@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        That’s the entire joke. It makes sense BTW. Just because Rust is in the Kernel, we blame it for the problems. Especially spicy, because it is meant to make it more secure. The opposite effect is here the joke. You may not find it funny, but it makes perfectly sense as a joke.