Linux Foundation’s invitation-only event unites business and technical experts to collaborate on technical issues, the business of open source, best practices in collaborative development, and how to grow open source communities.

Note: The schedule is still being finalized so there may appear to be gaps in the schedule and session dates/times may shift.
Thursday, February 19 • 1:40pm - 2:30pm
Lessons Learned from the Xen Project Security Response Process - George Dunlap, Citrix


Recent vulnerabilities like Heartbleed and Shellshock have brought attention to the role that the security of open-source software plays in our critical infrastructure. When vulnerabilities are discovered, a project's response can have a major impact on how much risk end users are exposed to.

The Xen Project is a critical component in the cloud, and as a result we have been developing our security response process for several years. This talk will explore the principles behind our process, as well as some of the pain points we have experienced along the way, to help other projects and users understand the potential issues involved. It will cover the various approaches, from full disclosure to pre-disclosure (and who to pre-disclose to), "public" and "private" vulnerabilities, community trust issues, and a number of issues we wouldn't have expected.

Speakers
George Dunlap

Staff Software Engineer, Citrix
George Dunlap worked with the Xen project while a graduate student at the University of Michigan before receiving his PhD in 2006. He is currently working as Staff Software Engineer for Citrix on the open-source Xen team in Cambridge, England. He has done work in many areas of Xen, including performance analysis, scheduling, and memory management. He writes technical articles regularly for the xenproject.org blog, including one describing in...


Thursday February 19, 2015 1:40pm - 2:30pm
Dry Creek Valley Ballroom II
