Announcing Security Training on Vulnerability Management, SBOM and related subjects

Monday, May 19, 2025 - 09:11 by Marta Rybczynska

Do you want to know more about vulnerability management?

As a developer, you might receive reports, or need to create some for your upstream projects.

As a user, you might find something that could have security impacts.

As a Committer, you want to know how to best manage reports your Project is getting.

After the first series of training focused on general concepts, the Eclipse Foundation Security team is offering a new set of training, this time focused on vulnerability management and related subjects (like dependencies and Software Bills of Materials).

During day 1 (June 3) you will learn:

  • What all those vulnerability-related abbreviations mean (CVE, NVD, CVSS…)
  • What to do to make life easier for potential reporters
  • How to report a vulnerability so that it is helpful to the upstream project
  • How to do a security fix release and write a CVE entry
  • Which tools you could use (GitLab issues, GitHub private advisories, Project security mailing list) and when
  • How the Eclipse Foundation Security team is assisting Projects

During day 2 (June 10) you will learn:

  • What embargoes are and how they work
  • How to handle a multi-project issue
  • How to coordinate releases between projects
  • How to write security advisories
  • How to evaluate your dependencies and with which tools
  • What is SBOM (Software Bill of Materials)? And how can you generate one for your Project?
  • How to use the Eclipse Foundation SBOM storage

About our training:

  • Our training is open to all: Contributors, Committers and users of Eclipse Foundation projects, and is free of charge.

  • The only prerequisite is some experience in software development (in any programming language).

  • People who complete both sessions will receive a nice badge.

  • The training will take the form of interactive lectures (around 15 minutes each) with Q&A time and quizzes.

  • Recordings will be available for everyone after our two sessions.

Modules for day 1 (Tuesday, June 3, starting 16h CEST, 14h UTC):

  • Vulnerability management fundamentals
  • Vulnerability management at Eclipse Foundation

Register for day 1: https://eclipse.zoom.us/meeting/register/33MOSZTTRvulmetPGJ_q_w

Modules for day 2 (Tuesday, June 10, starting 16h CEST, 14h UTC):

  • Vulnerability response coordination and embargoes
  • Dependency management
  • Software Bill of Materials

Register for day 2: https://eclipse.zoom.us/meeting/register/Z-ges8SNSCuk6XloxqMPQA