Vulnerability Reporting and Security for Eclipse Projects

In this session, guest speaker Marta Rybczynska from the Eclipse Security Team started with a refresher on the vulnerability reporting and handling process from the committer’s perspective. Then she reviewed take-aways from the new CNA rules covering common situations, including how you determine whether or not a specific bug is a vulnerability.