cross-posted from: https://lemmy.ml/post/20502769

here is the talk description, from its page on the schedule for KubeCon + CloudNativeCon + Open Source Summit China 2024 (which Linux Foundation somehow neglected to put in their youtube upload’s description):

In Febuary the Linux kernel community took charge of issuing CVEs for any found vulnerability in their codebase. By doing this, they took away the ability for any random company to assign CVEs in order to make their engineering processes run smoother, and instead have set up a structure for everyone to participate equally.

This talk will go into how the Linux CVE team works, how CVEs are assigned, and how you can properly handle the huge number of new CVEs happening in a simple and secure way.

今年二月,Linux内核社区开始负责为其代码库中发现的任何漏洞发布CVE编号。通过这样做,他们剥夺了任何随机公司分配 CVE 的能力,以便使他们的工程流程更顺畅,取而代之的是建立了一个人人平等参与的结构。

本次演讲将介绍 Linux CVE 团队的工作方式,CVE 的分配过程,以及如何以简单且安全的方式妥善处理大量新出现的 CVE。

Here is a PDF of the slides from Greg’s git repo for this talk.