NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

Open Source Summit + Embedded Linux Conference North America 2020
Monday, June 29 • 2:05pm - 2:55pm
Why Is There No Free Software Vulnerability Database? - Philippe Ombredanne, AboutCode.org and nexB Inc. & Michael Herzog, nexB Inc.

Something is not right: comprehensive databases of known FOSS software vulnerabilities are mostly proprietary and privately maintained. Why couldn't these be open data instead? They are, after all, about FOSS code.

"Using Components with Known Vulnerabilities" is one of the OWASP Top 10 Most Critical Web Application Security Risks. Identifying such vulnerable components is currently hindered by data structures and tools that are (1) designed primarily for proprietary software components and (2) incomplete and too dependent on voluntary submissions to the National Vulnerability Database. With the explosion of FOSS usage over the last decade, we need a new approach to efficiently identify FOSS security vulnerabilities, and that approach should be based on open data and FOSS tools.

Find out how we are working to build new FOSS tools that aggregate, relate and curate software component vulnerability data from multiple sources and automate the search for FOSS component security vulnerabilities.

The benefit: improved security of software applications with open tools and data for everyone.

Michael Herzog

CEO, nexB Inc.
Philippe Ombredanne

ScanCode maintainer, AboutCode.org and nexB Inc.
Philippe Ombredanne is a passionate FOSS hacker, lead maintainer of the ScanCode toolkit, and on a mission to enable easier and safer reuse of FOSS code with best-in-class open source Software Composition Analysis tools for open source discovery, license & security compliance at https://aboutcode.org...

Monday June 29, 2020 2:05pm - 2:55pm CDT
OS Dependability Theater