This presentation breaks down how Canonical performs security maintenance to patch vulnerable software and offers advice on how FOSS projects can disclose and preemptively discover vulnerabilities.

See slides with speaker notes

What audience can learn from this session

The two key messages I want to convey is that finding and disclosing vulnerabilities in your projects is okay and to write a security policy. The presentation will introduce how security maintenance at Canonical is performed and give many suggestions on how FOSS projects can tighten their security. Links to resources are provided in the slides.

About the speaker

I work for Canonical’s Security Team to perform security maintenance, audit software, manage CVE assignment, and answer community questions.

Mark Esler

I work for Canonical's Security Team to perform security maintenance, audit software, manage CVE assignment, and answer community questions.

Launchpad GitHub Twitter