Eclipse Foundation Security Training 2025: Intro to Vulnerability Management & CVE Best Practices

Video Link: https://www.youtube.com/watch?v=1FnYqzRCo2o





Welcome to Eclipse Foundation Security Training 2025! This session provides developers with a practical introduction to vulnerability management, including how to identify vulnerabilities, understand CVEs, and report issues responsibly. Learn about the major vulnerability databases (CVE, NVD, OSV), severity scoring (CVSS), and real-world examples through interactive exercises and a quiz.

🔐 Explore our security programs: https://www.eclipse.org/security

TIMESTAMPS
00:00 Welcome & Training Overview
01:37 Understanding Vulnerabilities: Definitions & Core Principles
05:04 Exercises: Is It a Vulnerability?
08:57 CVE & NVD: How Vulnerabilities Are Tracked
14:04 Reading a CVE Example: Eclipse OpenJ9
18:48 Reporting Vulnerabilities Responsibly
21:26 How Eclipse Foundation Handles Security Reports
22:19 Interactive Quiz & Live Q&A
27:25 Quiz Results & Closing Remarks



