DevConf.CZ 2026

Stef Walter

Stef joined Red Hat in 2012 as an engineer working to make Linux integrated, discoverable, and usable. He has more than 20 years and 100 projects of experience working with open source. Among other things he led the RHEL Web Console “Cockpit” project, and became passionate about automating engineering tasks, integration testing and continuous delivery.

He now leads an engineering organization responsible for a large part of RHEL, Fedora, CoreOS and more.


Company or affiliation:

Red Hat

Job title:

Senior Director Linux Engineering


Session

06-18
09:30
35min
Keynote: How I learned to stop worrying and love CVEs - Hummingbird
Valentin Rothberg, Stef Walter

There's been a monumental increase in the number of CVEs tracked in Open Source. Nearly 50,000 identified in the last year: 130 a day. In part, this is due to AI.

We see an opportunity here to change Open Source software to be fundamentally more secure: Agents can cross check for exploitability and vulnerable patterns, port more easily to secure languages, and we can work at scales that were impossible before.

However, the current tsunami of CVEs has made it nearly impossible for users to determine which of the software they use is actually vulnerable. Manually assessing vulnerabilities and backporting patches, the way traditional Linux distributions have done for decades, is becoming untenable at this scale. The math no longer works.

We'll look at one approach that does work: Hummingbird, which consists of minimal, distroless containers built as close to upstream as possible on a fully automated supply chain, with no humans involved until required. The result: zero known CVEs at time of delivery.

But that’s not enough. Let's get beyond this tsunami, and look at how we get to prevention of vulnerabilities.

D105 (capacity 300)