Loading…
June 26-30, 2023
Prague, Czech Republic + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Embedded Open Source Summit 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (UTC/GMT +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Friday, June 30 • 16:00 - 16:40
Tracking Vulnerabilities with Buildroot and Yocto - Arnout Vandecappelle, Mind

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
When an embedded product is released, it is certain to contain vulnerabilities that can allow threat actors to abuse the device. A responsible provider proactively tracks and fixes these vulnerabilities before they are abused. Vulnerability databases, like CVE, publish them, but it would take an unrealistic amount of time to track every entry in the CVE database. Fortunately, embedded build systems provide some tools that make tracking of vulnerabilities easier. Arnout has used both Buildroot and OpenEmbedded (yocto) to develop products. This talk explains the various tools that either of them provide to track vulnerabilities, and what this means from a practical perspective as a product developer. Shortcomings in the flow are highlighted, with ideas of how the build systems and other tools can be improved to make life easier for the embedded developer.
Speakers
avatar for Arnout Vandecappelle

Arnout Vandecappelle

Sr. Embedded Software Architect, Mind
Arnout Vandecappelle is working since 2008 as Senior Embedded Software Architect at Mind, providing consultancy on Linux and Open Source Software for Embedded Systems: driver development, debugging, system integration, etc. He is a maintainer of Buildroot and has contributed to several... Read More →


2023 06 30 EOSS Tracking Vulnerabilities with Buildroot and Yocto pdf
Friday June 30, 2023 16:00 - 16:40 CEST
South Hall 3B (Level 3)
  Embedded Linux Conference (ELC)