
Effective Vulnerability Management for Over 400 Projects at the Eclipse Foundation

Marta Rybczynska (Eclipse Foundation, FR), Michael Winser (Eclipse Foundation, US)

Marta Rybczynska has a network security background and 20 years of experience in Open Source. She has worked with embedded operating systems such as Linux and various real-time ones, and with system libraries and frameworks up to user interfaces. In recent years she has worked in Open Source security, setting up best practices and processes. She is currently helping the Eclipse Foundation as a Technical Program Manager for the Security Team, where she manages the vulnerability reporting process.

Michael Winser is a 40-year veteran of the software industry, with over 25 of those years at Google and Microsoft. Michael has extensive experience in software supply chain security, software development practices, and developer ecosystems. He works with the Eclipse Foundation Security Team as a Security Strategy Ambassador. He is also the co-founder of, and strategist for, the Alpha-Omega project, and he advises various corporations and open source organizations on software supply chain security.

The Eclipse Foundation has over 20 working groups and more than 400 projects. Until recently, each project had its own, often ad hoc, approach to vulnerability management. This was painful for everyone involved in the process. Security researchers had to manually figure out where to report vulnerabilities; reports were stored in many different ways, and every project had its own approach. Learn how the Eclipse Foundation Security Team is creating a set of common practices and solutions to make every aspect of the process secure and effective at scale.

Source: FIRST
