

SPEAKER

SZ Lin

Bureau Veritas Cybersecurity Chief Expert

SZ Lin currently works for Bureau Veritas as an expert in cybersecurity, leading cybersecurity, architecture design, and assessment for the industry. He has 10+ years of experience in IACS/OT cybersecurity, IIoT security, and secure software development lifecycle (SSDLC).

SZ was formerly a technical steering committee member of the CIP (Civil Infrastructure Platform) project and a governing board member of the OpenChain project at the Linux Foundation.

As a Debian developer, he works on various open source projects and is involved in open source communities, mainly contributing to and maintaining open source software in the security tools packaging team.

SZ has spoken at multiple conferences, such as the Debian Conference, Embedded Linux Conference, Embedded Linux Conference Europe, Open Source Summit Japan, Open Source Summit China, Open Compliance Summit, and Industrial Control Systems (ICS) Cyber Security Conference APAC.

Speech

Supply Chain Security Forum

SEP 22


Open Source Developer Experience Sharing - Managing Open Source Vulnerabilities through the Product Development Process

09/22 (Thu) 16:30 - 17:00 7F 701G
Bureau Veritas Cybersecurity Chief Expert / SZ Lin

Open source software has become the mainstream trend in information and communication in recent years, from 5G (ORAN), blockchain, AI, and cloud to embedded devices, and from the application layer to the driver layer. From consumer to industrial applications, the industry has frequently used open source software as components for integration or secondary development. However, managing open source software security vulnerabilities after product development is over can be costly. In this sharing, SZ will analyze the status and trend of Common Vulnerabilities and Exposures (CVE) of open source software in recent years and describe how to integrate requirements analysis, SBOM usage, analysis of open source software components, etc. into the software development lifecycle to manage open source software security vulnerabilities, thereby reducing overall software development and maintenance costs. In addition, from his perspective as an open source software developer of many years, SZ will share how to track and deal with open source software security vulnerabilities through systematic tools, SBOM open source tools, etc. Beyond known vulnerabilities, SZ will also share how to uncover unknown vulnerabilities through testing.

Open source is managed through open source, and open source software is used to create security products with reasonable R&D costs and acceptable information security risks so that R&D personnel can spend their energy on core technology research and development.