(open)SUSE Product security (osc22)

This talk will introduce the SUSE Product Security team, who handles the software security processes for openSUSE and also SUSE Linux Enterprise. The SUSE Product Security work is split into "reactive" and "proactive" areas and engineering groups these days. Reactive work refering to what is traditionally known as "security incident response", while proactive refers to security audits, design reviews and related areas of secure software development. The talk will focus on the reactive side, giving statistics, and talk about some highlights from the last year. Also bringing a small overview over how closing the leap gap changes affects the openSUSE Maintenance process. This talk will introduce the SUSE Product Security team, who handles the software security processes for openSUSE and also SUSE Linux Enterprise. The SUSE Product Security work is split into "reactive" and "proactive" areas and engineering groups these days. Reactive work refering to what is traditionally known as "security incident response", while proactive refers to security audits, design reviews and related areas of secure software development. The talk will focus on the reactive side, giving statistics, and talk about some highlights from the last year. Also bringing a small overview over how closing the leap gap changes affects the openSUSE Maintenance process. about this event: https://c3voc.de