Open Source Security – Vulnerabilities Never Come Alone

Explore the challenges and vulnerabilities of open source security in this comprehensive talk from the Hack In The Box Security Conference. Delve into Fermin J. Serna's insights on code quality, security practices, and the findings of the Semmle Security Research Team's three-month triage of open source CVEs. Learn about the use of QL for variant analysis and discover specific case studies, including the u-boot research. Gain valuable knowledge from Serna's extensive experience as a security expert, including his roles at Google, Microsoft, and as CSO at Semmle. Examine topics such as backdoors, package managers, Linux kernel buffer overflows, and WiFi framing vulnerabilities. Enhance your understanding of open source security challenges and solutions through this informative presentation.

Introduction
Who is Fermin
Open Source Security
CB System
Backdoor
Package Manager
Importing Packages
Open Source Software
GitHub
Linux Kernel Buffer Overflow
Deep Dive
Research Query
Uboot
NFS
Research Journey
If Check
Double Neural
Seabees
WiFi Framing
CW1200
CFG811
Recap
QA