Stef Walter
Stef joined Red Hat in 2012 as an engineer working to make Linux integrated, discoverable, and usable. He has more than 20 years and 100 projects of experience working with open source. Among other things he led the RHEL Web Console “Cockpit” project, and became passionate about automating engineering tasks, integration testing and continuous delivery.
He now leads an engineering organization responsible for a large part of the RHEL and Fedora, CoreOS and more.
Red Hat
Senior Director Linux Engineering
Session
There’s been a monumental increase in the number of CVEs (vulnerabilities) tracked in Open Source. Nearly 50,000 identified in the last year. 130 a day. This is the latest big shift in how Open Source works, let's discuss where it came from.
Due to the explosion in CVEs it has become hard for users to determine which software they use is actually vulnerable. Many users now have very different expectations: they want distributions that make all of this noise just “go away”. It’s impossible to evaluate this waterfall of CVES for actual security impact.
Manually backporting all these patches, the way RHEL and long term other stable distributions do, is becoming untenable. Other approaches are popping up, and let's look at one of them: Hummingbird. A large set of minimal containers that are built as close to upstream as possible, and thus have as many fixes for identified vulnerabilities as possible. Built on fully automated large scale supply chain, no humans involved until required.