Managing Vulnerabilities in Open Source Components in ICS presented at ICSCyberSecurityConference 2020

by Sz Lin,

Summary : Open source components are becoming essential components in industrial control systems and critical infrastructure. It's not only ICS that use more commercial off-the-shelf (COTS) software and hardware but also more industrial protocols are implemented by open source projects. Thus, it's a pivotal challenge to keep code quality high in a variety of open source components to avoid an exploit or flaw, which may cause harm to the systems that have not been updated in time. However, availability is paramount for ICS, which means the vulnerability factor of open source components should be considered and evaluated in the design phase to reduce the amount of the patch update in the maintenance phase.In this presentation, SZ Lin will introduce the overview of selecting the secure sources of open source components. Also, he will share the experiences in tracking vulnerabilities and patching open source components to manage vulnerabilities of open source components holistically in ICS.Attendees can expect to get a whole picture of tracking and maintaining vulnerabilities in open source components. Furthermore, this will help attendees realize how to select use, and maintain open source components for the ICS base on their requirements.