CCing ubuntu-devel-discuss for the wider devel audience to weigh in on.
MOST security scanners do NOT take into account the Ubuntu USNs for
security release patching and go *strictly* on version number strings -
in almost ALL of these cases, 'version based scanning' for
vulnerabilities without
Michael and list
On Wed, Jan 19, 2022 at 7:47 AM Yan, Michael wrote:
> Hi,
>
> We are evaluating "Ubuntu Pro FIPS 18.04 LTS" for our k8s deployment in
> Cloud. After scanning the image with BlackDuck, there are 176 critical/high
> CVEs reported. I wonder if they are real security risks and what
Hi,
We are evaluating "Ubuntu Pro FIPS 18.04 LTS" for our k8s deployment in Cloud.
After scanning the image with BlackDuck, there are 176 critical/high CVEs
reported. I wonder if they are real security risks and what mitigation measures
I can take. Does Ubuntu have such security scan report?
Hi,
We are evaluating "Ubuntu Pro FIPS 18.04 LTS" for our k8s deployment in Cloud.
After scanning the image with BlackDuck, there are 176 critical/high CVEs
reported. I wonder if they are real security risks and what mitigation measures
I can take. Does Ubuntu have such security scan report pub