Real World Security Response
Mark Cox, Consulting Engineer, Red Hat
Track: Linux, Security
Date: Thursday, July 27
Time: 10:45am - 11:30am
We'll take a look at the impact and debate around informing distribution vendors such as Red Hat, how and when it's useful to involve CERTs and NISCC and what they're useful for. We'll look at where groups without the expertise or time to handle security issues on their own can go to get advice and help, how to manage the press and research firms.
We'll explain how the CVE (Common Vulnerabilities and Exposures) project works including how to allocate names and what they mean, and a brief look at the OVAL (Open Vulnerability Assessment Language), the National Vulnerability Database, and CVSS (Common Vulnerability Scoring System).
By looking at both the shared and different approaches, and through example, we can gain an understanding of why different groups take different approaches and the relatives merits of each decision.