One more thing is gaining increasing attention at Intel with regard to security: CVE scanning of released binary components. This has now been escalated everywhere, and IPAC is auditing constantly. So whenever you make a binary release, please scan all your binaries with the appropriate tools. For example, in OTC we have cve-bin-tool [https://gitlab.devtools.intel.com/otc-security/cve-bin-tool], which checks binaries for common vulnerabilities/CVEs. Make sure you run it. Dependency Check is another tool you might want to integrate into your release process if you make binary releases: [https://www.owasp.org/index.php/OWASP_Dependency_Check]