The highest priority of the C++ language is security in the language itself. But what happens after a security issue is identified in some existing open source C or C++ library?
This talk will give an introduction to CVEs for C and C++ packages, report on the state of the art, and introduce different tools in this domain.
It will also present the Software Bill of Materials (SBOM) concept and the main standards, such as CycloneDX and SPDX.
The talk will finish by demonstrating some of these concepts with the Conan C++ package manager and the JFrog platform security tools.
Open source C++ packages vulnerabilities and tools - Luis Caro | NatokHD