The MariaDB Foundation and security - Finding and fixing vulnerabilities the open source way
The MariaDB Foundation has started a new effort to coordinate finding and fixing security vulnerabilities in the code base of MariaDB and MySQL.
In this talk, the current activities of the MariaDB Foundation's security efforts are presented, including, for example, the recently devised Responsible Disclosure Policy and HackerOne bug bounty program, as well as future plans to bake continuous and automated security testing into our Continuous Integration and Testing pipelines.
As one of the world's most popular pieces of server software and a part of critical infrastructure hosting vast numbers of databases, it is crucially important that MariaDB stays safe and operates without security issues. History has shown us that we cannot trust any piece of software to be inherently secure; thus any project must have proper vulnerability disclosure and management procedures, be eager to collaborate with the security community and follow disclosure guidelines, and proactively look for security bugs in its own code base.