Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only! Grab it Learn about ONAP's successful vulnerability management strategy in this conference talk that explores how the Open Network Automation Platform became the leading LFN Project for fixing vulnerabilities. Discover the comprehensive CVE process integration implemented to reduce supply chain vulnerabilities, including the community's systematic approach to upgrading packages in each release. Explore how the security subcommittee developed an effective process over ten releases, incorporating software composition analysis in build pipelines and detailed package upgrade tasks. Gain insights into the project's successful response to the log4j zero-day vulnerability and their ongoing efforts to improve code quality. Understand practical strategies for automating package upgrade analysis, simplifying complex upgrade recommendations, and collaborating with vendors and other Linux Foundation projects on vulnerability management. Follow the journey from initial security decisions to current automated processes, learning valuable lessons for managing open source software security at scale. Read more