Managing vulnerabilities: Understanding patch notifications and fixing CVEs
After Notification: The Next Steps
In a previous blog, we covered how Timesys handles security monitoring and notification of open source software vulnerabilities, how to generate reports on demand for the current state of a Yocto or Factory build on the desktop, and how to view, generate, and subscribe for reports on the web. If you missed it, now would be a good time to catch up before reading this post, because the next steps cover what to do with the information contained in those reports. Specifically, you may have the following questions:
- What should I fix?
- Where do I find the fixes?
- How do I apply fixes to my build?
We’ll start by explaining the meaning of the subcategories of “Unfixed” CVEs and the “Vector” column in the reports, and then break down each of the above questions. Along the way, you’ll see how the solutions offered by Timesys can save you countless hours spent searching for patches, applying them to your build, and dealing with conflicts that arise when upgrading.
Continue reading “Managing vulnerabilities: Understanding patch notifications and fixing CVEs” »
