Security requires a holistic approach. This can be divided into design and defect response.
The design aspect of this is left to the implementer of the device. However, as a project we need to do a better job at defining defaults, and looking for items like SCAP that can be used to help people design/implement more secure devices.

On the defect (security) response side, work is in progress on this. Currently there is a script that will pull down CVE information and attempt to determine if a recipe may be affected based on specific CPE information. But in the end, this is a reactive approach that relies on other people to do initial triage and assign the CPEs (and other information). This means we really need a more proactive response approach.

The tooling for this is nearly ready to go. We have the security response tool (which is part of the Yocto Project) designed to help us perform triage, and a small group of us has been working on a process around it to perform the triage. In the near future, I will be trying to post to the yocto-security list triage status and other issues we find. When I begin posting, I will be inviting people to help contribute to our triage and response process. (Currently we're running proof-of-concept triage behavior with a small group of people.)

--Mark

On 1/13/20 11:13 AM, Minelik, Ben [US] (MS) wrote:
> Good Morning,
>
> I was wondering if there is a more holistic way we can address security in
> Yocto where we don't have to create scripts for each vulnerability? Is there
> anything in Yocto meta-security and buck-security that can assist with the
> hardening of Yocto?
>
> Thank you,
>
> Ben
>
> Cybersecurity Engineer
>
> 720-975-5665
View/Reply Online (#4647): https://lists.yoctoproject.org/g/meta-xilinx/message/4647
