How Can We, Help You, Help Us, Help You...Help Us...Help You?

Speaker: Ryan Ware
Track: Security

Type: Long talk (45 minutes)

Room: Drini

Time: Jul 20 (Wed): 11:00

Duration: 0:45

Debian is deployed in a large number and wide variety of environments. Why? Because it’s a central pillar of the Linux community and the quality of the distribution shows it. That said, those that deploy Debian, just like Debian itself, are facing new challenges in a computing ecosystem that has changed dramatically over the last decade! The quantity of publicly documented security vulnerabilities in the MITRE National Vulnerability Database has increased by almost 5X. The number of vulnerabilities that don’t get documented in official databases is growing. The number of silent fixes being done by communities because they don’t want to deal with the overhead is growing. The number of unique environments in which Linux is being deployed is growing. It’s an onslaught that continues to trend in the wrong direction, ending up in the creation of things like US Presidential Executive Order 14028.

There are some ways that Debian can help those that consume it face these daunting challenges. To that end, I’d like to discuss some possible ways the community can help make it easier to face these challenges as well as ways others can help the community.

The audience for this talk is all Debian Developers. Security vulnerabilities affect everyone. What will they get out of it? Hopefully, the spark of an idea for how we all can help Debian face these challenges. What will I cover? Everything from changes in the computing ecosystem, the problems the current industry vulnerability tracking systems are facing, how communities are responding to CVEs, Software Bill of Materials (SBOM), and other ways of making it easy for consumers of Debian to understand the security of their software.