owned this note changed 10 months ago

Linked with GitHub

Improving FOSS Security - Mark Esler

歡迎來到 https://hackmd.io/@coscup/2024 共筆

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

點擊本頁上方的開始用 Markdown 一起寫筆記！
手機版請點選上方按鈕展開議程列表。

Slides

https://docs.google.com/presentation/d/1c1_Zr8xgDjnQAn1F7COgfiizY5kL1vY7u1t6ASxSNVo/edit?usp=sharing

Collab-note

CVE - Common Vulnerability Enumeration
CVSS - Common Vulunerability Scoring System

CVSS v3.1 Calculator
CWE - Common Weakness Evaluation

Bogus CVEs

LWN "The bogus CVE problem": https://lwn.net/Articles/944209/
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

Security Policy for FOSS projects

Github Private Vulnerability Reporting

https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability

Vulnerability Discovery

Static Analyzers
Fuzzers
Bug Bounties

Vulnerability Disclosure

Cooridnated Vulnreability Disclosure (CVD)

Open SSF's Zero Day

Common Tips
Security Patching

Add test to reproduce vulnerability

https://oss-security.openwall.org/wiki/mailing-lists/distros

Create a PSIRT (Product Security Incident Response Team)
(PSIRT: prounce as P-Sirt)

https://markesler.com/notes/vulnerability-jargon/

Q & A

Cheatsheet

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.

Select a repo