The MariaDB Foundation has started a new effort to coordinate finding and fixing security vulnerabilities in the code base of MariaDB and MySQL.
In this talk, the current activities of the MariaDB Foundation's security efforts are presented, including, for example, the recently devised Responsible Disclosure Policy and HackerOne bug bounty program, as well as future plans for continuous and automated security testing to be baked into our Continuous Integration and Testing pipelines.
As one of the world's most popular pieces of server software and part of critical infrastructure, hosting vast numbers of databases, it is crucially important that it stays safe and operates without security issues. History has shown us that we cannot trust any piece of software to be inherently secure; thus any project must have proper vulnerability disclosure and management procedures, be eager to collaborate with the security community and follow disclosure guidelines, and proactively look for security bugs in its own code base.
I'm a passionate Open Source advocate and developer, UNIX head and occasional sysadmin. I'm also deeply interested and involved in systems, network and information security as an independent researcher and aficionado.
I joined the MariaDB Foundation in early 2018 as a Software Developer. I am also eager to contribute to the security aspect of MariaDB (having crafted a Responsible Disclosure policy and published our HackerOne bug bounty program) and also took on the initiative of setting up a fresh and modern instance of Buildbot for our ever-growing needs for Testing and Continuous Integration on all supported platforms.