Open Source Security – Vulnerabilities Never Come Alone
Date: 17th Oct – Thursday
Time: 15:00-16:00
Location: Ballroom B
Open source has won and is here to stay, but it comes with challenges. Open source security is one of those we face as an industry. We all consume it, but what about its code quality, security practices, …
Over the last 3 months, the Semmle Security Research Team has been triaging all open source CVEs and engaging on a subset of those, performing variant analysis to try to uncover what was missed.
During this talk we will present some of these cases where we used QL to perform variant analysis, in addition to some others, such as u-boot, where we performed the full research (seed vulnerability and variant analysis).