Surviving the CVE Firehose: Strategies for Open Source Product Security

Offered By: Linux Foundation via YouTube

Tags

Vulnerability Management Courses, Security Vulnerabilities Courses

Course Description

Overview

Explore strategies for managing and surviving the onslaught of security vulnerabilities in open source products. Learn about Common Vulnerability Enumeration (CVE) IDs, privately known security vulnerabilities, and 0-day vulnerabilities. Discover techniques to effectively manage product security, improve over time, and avoid feeling overwhelmed. Gain insights into the nature of security vulnerabilities, the importance of update mechanisms, and methods for tracking vulnerabilities. Examine concepts such as attackable surface area, privilege management, and code reviews. Consider the value of seeking outside expertise and understand the potential for including CVE messages in kernel commits. Equip yourself with the knowledge to protect your open source product and thrive in the face of constant security challenges.

Syllabus

Introduction
What is a security vulnerability
The Venn diagram
What are security vulnerabilities
Is it secure
Is it compromised
Is it vulnerable
WordPress vulnerability
Traditional hacker
Money
Chromium Bug Bounty
How Much Do They Pay
What Is A CVE
The Silent Bug Fix
How Does This Help Me
Include An Update Mechanism
How To Track Vulnerabilities
Ikey Aikido Dirty
Attackable Surface Area
Privilege
Code Reviews
Should an outside company seek outside expertise
Are there plans to put CVE messages in kernel commits


Taught by

Linux Foundation
