owned this note changed 9 months ago

Linked with GitHub

Improving FOSS Security - Mark Esler

歡迎來到 https://hackmd.io/@coscup/2024 共筆
點擊本頁上方的開始用 Markdown 一起寫筆記！
手機版請點選上方按鈕展開議程列表。

Slides

https://docs.google.com/presentation/d/1c1_Zr8xgDjnQAn1F7COgfiizY5kL1vY7u1t6ASxSNVo/edit?usp=sharing

Collab-note

CVE - Common Vulnerability Enumeration
CVSS - Common Vulunerability Scoring System

CVSS v3.1 Calculator
CWE - Common Weakness Evaluation

Bogus CVEs

LWN "The bogus CVE problem": https://lwn.net/Articles/944209/
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

Security Policy for FOSS projects

Github Private Vulnerability Reporting

https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability

Vulnerability Discovery

Static Analyzers
Fuzzers
Bug Bounties

Vulnerability Disclosure

Cooridnated Vulnreability Disclosure (CVD)

Open SSF's Zero Day

Common Tips
Security Patching

Add test to reproduce vulnerability

https://oss-security.openwall.org/wiki/mailing-lists/distros

Create a PSIRT (Product Security Incident Response Team)
(PSIRT: prounce as P-Sirt)

https://markesler.com/notes/vulnerability-jargon/

Q & A

Cheatsheet

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.

Select a repo