
The Eclipse Foundation announces a new edition of its security training

Tuesday, October 14, 2025 - 09:19 by Marta Rybczynska

Do you want to know more about vulnerability management?

As a developer, you might receive reports, or need to create some for your upstream projects.

As a user, you might find something that could have security impacts.

As a Committer, you want to know how to best manage reports your Project is getting.

We are re-launching the training from this summer! If you haven’t had the opportunity to attend, we hope it will work for you this time - different dates, different times!

We have also updated the content to reflect the arrival of Security Teams for Projects and progress in our SBOM pilot initiative.

During day 1 (November 13) you will learn:

  • What are all those abbreviations related to vulnerabilities (CVE, NVD, CVSS…)
  • How to make life easier for potential reporters
  • How to report a vulnerability so that it is helpful to the upstream project
  • How to release a security fix and write a CVE entry
  • Which tools you could use (GitLab issues, GitHub private advisories, Project security mailing list) and when
  • How the Eclipse Foundation Security team is assisting Projects

During day 1, starting at 10:00 CET, 8:00 UTC, the content will be split into two modules (for a total of 1 hour):

  • Vulnerability management fundamentals
  • Vulnerability management at Eclipse Foundation

Register for day 1: https://eclipse.zoom.us/meeting/register/dslc2RgjSP2tzVY8SJsx4Q

During day 2 (November 20) you will learn:

  • What embargoes are and how they work
  • How to handle a multi-project issue
  • How to coordinate releases between projects
  • How to write security advisories
  • How to evaluate your dependencies and with which tools
  • What an SBOM (Software Bill of Materials) is and how you can generate one for your Project
  • How to use the Eclipse Foundation SBOM storage

During day 2, starting at 10:00 CET, 8:00 UTC, the content will be split into three modules (for a total of 1 hour):

  • Vulnerability response coordination and embargoes
  • Dependency management
  • Software Bill of Materials

Register for day 2: https://eclipse.zoom.us/meeting/register/HtNBICn8RUGpwRci_HXwmg

About our training:

  • Our training is open to all: Contributors, Committers and users of Eclipse Foundation projects, and is free of charge.
  • The only prerequisite is some experience in software development (in any programming language).
  • People who complete both sessions will receive a nice badge.
  • The training will take the form of interactive lectures (around 15 minutes each) with Q&A time and quizzes.
  • Recordings will be available for everyone after our two sessions.

Register today to get the link directly to your mailbox!
