Speaker
Damiano Melotti
(Google)
Description
With the Linux Foundation becoming a CNA (https://docs.kernel.org/process/cve.html), the process around CVE assignment for kernel vulnerabilities has radically changed. Organizations maintaining downstream versions of the kernel have reacted differently, and those analyzing every CVE are struggling to keep up with the high volume of commits to process. This BoF session can be an opportunity to initiate a discussion on how to collaborate in this space, for those who can't keep their kernel upstream-aligned.
Primary author
Damiano Melotti
(Google)