As of this week, Claire Southwell is joining the board of PA Hackers as Project Manager. The Project Manager is responsible for organizing security-focused open source projects and contributions. The first project on the agenda is the Ubuntu CVE tracker.
Now, what is the Ubuntu CVE tracker? It’s a system for determining which releases of Ubuntu are affected by a given vulnerability.
You can see the CVE number on the left, followed by the software package in question, then columns for each release of Ubuntu. Anywhere it says the release “needs triage”, that indicates that the presence of the vulnerability has not been confirmed either way. Ubuntu needs contributors to investigate and *triage* the CVE. There are over 11,000 vulnerabilities in this list and over 13,000 instances of “needs-triage.” There’s a lot of work to do, and every little bit helps.
As stated in the PA Hackers Charter, our mission scope includes providing mentorship, enabling networking, and organizing contributions to open source projects. If we can build a team of individuals who are dedicated to spending even a few hours a month on CVE triage, we can accomplish those goals and make a major contribution to Ubuntu security.
Claire plans to begin weekly meetings for this project in the near future. If this sounds like something you’d like to get involved with, or if you have any questions about the project, please connect with her on Discord: @thehinkydonut.