March 12-14, 2019 - Half Moon Bay, CA
Thursday, March 14 • 9:00am - 9:30am
Embargo On, Embargo Off - Art Manion, CERT Coordination Center

Linux and a variety of other open source projects make up core components of increasingly complex modern software systems. Bugs in one component transition through supply chains and can affect many downstream nodes in the graph. The security bug (or vulnerability) ecosystem features a process called coordinated vulnerability disclosure. Someone finds a bug, tells a maintainer privately, a fix is developed, some more people are informed, and then the bug and fix are published. The length of time a security bug remains private -- under embargo -- has been the subject of debate for decades. The Linux and open source communities have a particular take on the length of embargoes. The more closed source and commercial communities generally have a different opinion. Safety-critical embedded systems bring yet another set of concerns. How do embargoes affect risk? Can they be optimized?

Art Manion

Vulnerability Analysis Technical Manager, Carnegie Mellon University Software Engineering Institute
Art Manion is a senior member of the Vulnerability Analysis team in the CERT Program at the Software Engineering Institute (SEI), Carnegie Mellon University. Since joining CERT in 2001, Manion has studied vulnerabilities, coordinated disclosure efforts, and published advisories, alerts...

Thursday March 14, 2019 9:00am - 9:30am PDT
Salon 1