OSV and the Life of an Open Source Vulnerability
Offered By: OpenSSF via YouTube
Course Description
Overview
Explore the challenges and solutions in managing open source vulnerabilities through this 24-minute conference talk by Andrew Pollock from Google. Dive into the world of OSV (Open Source Vulnerabilities) and learn how it addresses the complexities of vulnerability management throughout the software development life cycle. Discover the OSV Schema, its adoption across various open source ecosystems, and its role in creating a comprehensive, distributed vulnerability database. Examine real-world implementations of the OSV Schema and its application in solving challenges related to C/C++ library vulnerabilities. Follow the journey of a typical software development life cycle, focusing on vulnerability remediation and the integration of OSV. Gain insights into reducing false positives, auto-generating VEX statements, and implementing a "guided remediation" workflow to efficiently address known vulnerabilities in dependency graphs.
Syllabus
OSV and the Life of an Open Source Vulnerability - Andrew Pollock, Google
Taught by
OpenSSF
Related Courses
Security Is an Ecosystem - We Can't Be Secure in Isolation (Linux Foundation via YouTube)
Improving the Security of a Large Open Source Project One Step at a Time (Linux Foundation via YouTube)
Simplifying Coordinating Vulnerabilities and Disclosures in Open Source Projects (Linux Foundation via YouTube)
SLSA in Action: Securing the Software Supply Chain (Linux Foundation via YouTube)
Implementing OpenSSF Best Practices Badges and Scorecards for Project Security (Linux Foundation via YouTube)