For the Linux kernel, CVEs do not work at all given the rate of fixes being applied and rapidly backported and pushed to users through a huge variety of different ways. The average “request to fix” date for Linux CVEs is -100 days, showing that either no one cares...
Suricata is a network threat detection engine that uses network packet capture to reconstruct traffic up to the application layer and finds threats on the network using rules that define the behavior to detect. This task is really CPU-intensive and discarding non...
This presentation will cover some of the most recent KSPP accomplishments, as well as some currently active efforts. Also, a brief explanation of how you can help us complete some particularly challenging work will be...
There is a lot of misunderstanding about how the Linux kernel deals with security vulnerabilities. This talk will go into how the different Linux kernel security teams work, how security and bugfixes are handled, how changes are propagated out to the public, and how...
Landlock makes it possible to sandbox Linux applications, but it might be challenging to identify the cause of denied accesses. Being able to debug a security policy is an important feature for an access control system. Likewise, logging denied accesses (and their reason) helps...