Rolling Your Own Security Team for Fun and No Profit at All

Explore the evolution and challenges of founding and running the Arch Linux Security Team in this comprehensive conference talk from Arch Conf 2020. Gain insights into the team's development over six years, including its core values, motivation, and communication strategies. Learn about the Security Tracker, manual code review processes, and handling of proprietary packages. Discover optimization techniques, the CV numbering authority, and how to contribute to Arch Linux security. Understand the workflow, tools, and API used for security tracking, as well as the team's approach to verifying security fixes. Get answers to questions about Arch Linux's security handling, paid staff, and how to get involved in the security team.

Intro
What we do
Timeline
Security Tracker
Core Values
Motivation
Communication
Be approachable
Define your core values
Explore further areas
Special thanks
Optimization
Thank you
CV numbering authority
Manual review of code
Closed source proprietary packages
What does it take for a proprietor package to get included
Is there a fixed rule when a proprietor package is done
What software do you use for security tracking workflow
Is it part of the security team teams mandate to verify the security fixes
Does Arch Linux have any paid staff
How is Archs security handled
How can you get involved
Security Tracker API