coneypo / Vericode_decoder

0 stars 0 forks source link

Security- CVE scanning for ACRN released binary components. #123

Open coneypo opened 5 years ago

coneypo commented 5 years ago

There is one more thing that it is increasingly gaining attention now in Intel with regards to security – CVE scanning for released binary components.This has been now escalated everywhere and constant auditing is happening from IPAC. So, please make sure that whenever you do any binary release, scan all your binaries with respective tools.For example, we have in OTC [https://gitlab.devtools.intel.com/otc-security/cve-bin-tool] that is able to check for common vulnerabilities/CVEs  in binaries.Make sure you run it.Dependency check is another tool you might want to integrate into your release process, if you make binary releases: [https://www.owasp.org/index.php/OWASP_Dependency_Check

Mingyuan18 commented 5 years ago

[External_System_ID] ACRN-2454