March 12-14, 2019 - Half Moon Bay, CA
Thursday, March 14 • 9:00am - 9:30am
Embargo On, Embargo Off - Art Manion, CERT Coordination Center

Linux and a variety of other open source projects make up core components of increasingly complex modern software systems. Bugs in one component transition through supply chains and can affect many downstream nodes in the graph. The security bug (or vulnerability) ecosystem features a process called coordinated vulnerability disclosure. Someone finds a bug, tells a maintainer privately, a fix is developed, some more people are informed, and then the bug and fix are published. The length of time a security bug remains private -- under embargo -- has been the subject of debate for decades. The Linux and open source communities have a particular take on the length of embargoes. The more closed source and commercial communities generally have a different opinion. Safety-critical embedded systems bring yet another set of concerns. How do embargoes affect risk? Can they be optimized?

Art Manion

Vulnerability Analysis Technical Manager, CERT Coordination Center
Art Manion is the Vulnerability Analysis Technical Manager at the CERT Coordination Center (CERT/CC), part of the Software Engineering Institute at Carnegie Mellon University. He has studied software security and coordinated responsible disclosure efforts since joining CERT in 2001...

Thursday March 14, 2019 9:00am - 9:30am
Salon 1