Jérôme Oufella
Jérôme is VP Technologies at Savoir-faire Linux, where he helps teams build dependable and innovative systems. Active in open-source software since the late 1990s, he has contributed to projects spanning critical and embedded industries, from aerospace and defense to multimedia and robotics. He holds a master’s degree in software engineering and has spent over 25 years designing systems where safety, security, and long-term maintainability matter.
Session
VulnScout is an open-source vulnerability assessment tool that analyzes SBOMs and aggregates results from sources such as CVE, OSV, and Yocto cve-check output. To make it directly usable within the Yocto ecosystem, we developed meta-vulnscout, a layer adding build tasks for automated and web analysis, similar in spirit to Toaster.
This talk will show how VulnScout helps improve the security envelope of Yocto-based systems and present our roadmap for tighter integration with Yocto workflows, including continuous monitoring, CI gating based on severity filters, and structured reporting. Attendees will learn how to run it today and what is coming next.