Black Hat , Events , Next-Generation Technologies & Secure Development

Open-Source Security: Shining the Spotlight on Development

Eclipse Foundation's Marta Rybczyńska on Best Practices for Vulnerability Reporting
Marta Rybczyńska, technical program manager, Eclipse Foundation

Securing open-source software poses a significant challenge for industry experts who must contend with a vast variety of programming languages and technologies used to develop open-source projects, along with the equally diverse attack routes available to threat actors for exploiting vulnerabilities.

See Also: August Spotlight | Automated Threat Intelligence Correlation

Marta Rybczyńska, technical program manager at Eclipse Foundation, explained how security professionals should approach vulnerability reporting. She recommended outlining specific guidelines for researchers in a file to ensure confidentiality and prevent potential exploits from reaching public channels.

"The most important thing will be training of the development teams on security processes," she said. "There should be someone looking at those reports, analyzing them, triaging, finding people who are going to make the fix, and communicating with the security researchers to give them information on where we are in the process."

In this interview with Information Security Media Group at Black Hat Europe 2023, Rybczyńska also discussed:

  • The need for clear communication between security researchers and developers;
  • Eclipse Foundation's current priorities, including automating security management for its extensive project portfolio;
  • The evolving role of AI in identifying and remediating vulnerabilities in open-source software.

Rybczyńska has 20 years of experience in network security and open-source software. She is the founder of Syslinbit, an open-source consulting company. Her expertise spans embedded development, Linux kernel architecture and contributions to various open-source projects.

About the Author

Tony Morbin

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.