Linux Foundation’s invitation-only event unites business and technical experts to collaborate on technical issues, the business of open source, best practices in collaborative development, and how to grow open source communities.

Thursday, February 19 • 1:40pm - 2:30pm
Lessons Learned from the Xen Project Security Response Process - George Dunlap, Citrix

Recent vulnerabilities like Heartbleed and Shellshock have brought attention to the role that the security of open-source software plays in our critical infrastructure. When vulnerabilities are discovered, project response can have a major impact on how much risk end users are exposed to.

The Xen Project is a critical component in the cloud, and as a result we have been developing our security response process for several years. This talk will explore the principles behind our process, as well as some of the pain points we have experienced along the way, to help other projects and users understand the potential issues involved. It will include the various approaches, from full disclosure to pre-disclosure (and whom to pre-disclose to), "public" and "private" vulnerabilities, community trust issues, and a number of issues we wouldn't have expected.

George Dunlap

Principal Software Engineer, Citrix Systems R&D UK Ltd
George Dunlap worked with the Xen project while a graduate student at the University of Michigan before receiving his PhD in 2006. He is currently working as Staff Software Engineer for Citrix on the open-source Xen team in Cambridge, England. He has done work in many areas of Xen...

Thursday February 19, 2015 1:40pm - 2:30pm PST
Dry Creek Valley Ballroom II