Loading…
March 18-20, 2025
Napa, California
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the event to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to find out more information.

This schedule is automatically displayed in Pacific Daylight Time (UTC/GMT -8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Take Control Over Your Project's CVE Entries Before Someone Else Does - Greg Kroah-Hartman, Linux Foundation
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Silverado West
Unless your project explicitly becomes a Certification Numbering Authority (CNA), it is possible for almost anyone else to create a random CVE entry against your project. With the upcoming responsibility that projects have due to laws like the CRA in Europe, it is getting more and more important for all open source projects to handle the tracking of security bugs and identifiers themselves, instead of assuming others will do it for them.

cve.org now allows all open source projects to be their own CNA, so there is no excuse not to take ownership of this for your project. Groups like curl, the Linux Kernel, Kubernetes, and Python have all done this already, and OpenSSF has produced information explaining how you too can do it.

This talk will go into why you want to become a CNA, the steps involved, and tips learned from the Linux kernel CVE team in handling their 8 CVEs issued a day, alone with other information about other country's numbering authorities which will be coming online in the next few years.
Speakers
avatar for Greg Kroah-Hartman

Greg Kroah-Hartman

Fellow, Linux Foundation
Greg Kroah-Hartman is a Fellow at the Linux Foundation. He is currently responsible for the stable Linux kernel releases, and a member of the Linux kernel CVE team. He is also a maintainer of the USB, TTY, and driver core subsystems in the kernel as well as other portions of the codebase... Read More →
Wednesday March 19, 2025 2:45pm - 3:15pm PDT
Silverado West
  Building and Managing Healthy Open Source Projects
  • Audience Experience Level Any

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link