SOSS Fusion 2024
October 22-23, 2024 | Atlanta, Georgia USA
Wednesday October 23, 2024 1:45pm - 2:15pm EDT
In open-source software (OSS), software vulnerabilities are at an all-time high. We conduct a study focusing on security advisories and bug bounty reports as perspectives for exploring OSS vulnerability disclosure practices. In addition, we interviewed 17 OSS maintainers and reached out to MITRE to further raise awareness and resolve bottlenecked CVEs we identified. Our findings reveal struggles in conducting efficient vulnerability review, the absence of CVEs in the National Vulnerability Database for Critical vulnerabilities, and ranked OSS maintainer vulnerability management challenges. Such findings reveal gaps that hinder the spread of alerts to affected projects. We offer actionable recommendations to enhance OSS project security, improve review rates, and promote robust vulnerability disclosure practices. Overall, we reveal gaps in the current OSS security landscape to provide valuable insights for OSS maintainers and contributors, vulnerability database maintainers, and the broader OSS community.
Speakers
Jessy Ayala

PhD Student, UC Irvine
Jessy is a PhD student at UC Irvine studying problems where software engineering meets security. In particular, Jessy is interested in investigating and addressing software supply chain security concerns from various angles. In his free time, Jessy enjoys writing music and training...
Skelton
