Don’t miss out! Join us at the next Open Source Summit in Seoul, South Korea (November 4-5). Join us at the premier vendor-neutral open source conference, where developers and technologists come together to collaborate, share knowledge, and explore the latest innovations and advancements in open source technology. Learn more at https://events.linuxfoundation.org/
Prioritizing the Linux OS Hardening and CVE Mitigation – Baoli Zhang, Intel
There have been thousands security vulnerabilities in Linux OS community and also has new detected ones every day. The operating system vendors (OSVs) have to take big effort to mitigate CVEs and hardening the OS. To save the effort, we analyzed most of the history CVEs in Linux kernel, and understand the CVE distribution by CWE, kernel config, sysctl parameters and others key attribution. In this way, we expect to understand which OS hardening method is most useful and which is not so important. Furthermore, we also expect it can help us prioritize the CVEs, then we only need focus on the most critical one. Last, we also prefer to share how we handle the CVEs in the production Linux kernel and expect it can benefit more talent in Linux community.
