Explore the intricacies of open source CVE monitoring and management in this 40-minute Linux Foundation conference talk. Gain insights into the process of monitoring Common Vulnerabilities and Exposures (CVEs), determining their applicability, assessing severity, and finding fixes. Delve into the challenges of tracking CVEs due to inaccuracies in NVD/MITRE feeds and scanning tools. Learn techniques to mitigate issues and improve device security posture. Discover the DIY approach to CVE monitoring and patching, understand the pros and cons of upgrades versus backports, and examine CVE data quality issues. Investigate Yocto-specific solutions and improvements for CVE checking. Analyze delays in CVE reporting and explore strategies for leveraging work done by others. Gain knowledge about secure boot, chain of trust, and layered security approaches. Leave with valuable insights and a tools wishlist to enhance your open source security practices.