2024-12-05, kirkstone
Styhead includes several security-related changes. In this talk, Marta will discuss the rework of the cve-check, SBOM generation, policy changes, and more.
Open source security was in the spotlight in 2024, with the Linux kernel becoming a CNA (CVE Numbering Authority), the rise of Rust, and the xz incident. In addition, upcoming legislation mandates "secure by default." How is the Yocto Project reacting to those changes?
In this talk, Marta will walk you through the changes in the security-related tools included in the Yocto Project. The talk covers the changes in cve-check and the introduction of the vex class (along with the removal of the cve-check text format), SBOM changes including the addition of SPDX3, and various other modifications (did you know that Poky is not for production?).
This talk is a must-attend if you’re developing a product that will appear on the market in 2025 or beyond.
Marta Rybczynska has a network security background, with 20 years of experience in Open Source. She has worked with embedded operating systems like Linux and various real-time OSes, and with system libraries and frameworks up to user interfaces. She has been involved in various Open Source projects, and also contributed kernel-related guest articles for LWN.net. She frequently speaks at conferences, including Open Source Summit, FOSDEM and more.