The HDF Group's Call the Doctor
The HDF Group's Call the Doctor
HDF5 is now CVE Free! Dana Robinson on Call the Doctor 9-5-23
In this episode of Call the Doctor, Dana Robinson, director of software engineering gives some updates on the HDF5 library, particularly emphasizing the successful resolution of all known Common Vulnerabilities and Exposures (CVEs). Dana highlights the comprehensive efforts to ensure the library's security and stability across various branches, with special attention given to version 1.14. They confirm that all maintenance branches are now free of CVEs, reassuring users about the library's integrity.
Additionally, the discussion covers ongoing work, including addressing issues reported by the OSS Fuzz testing platform. Dana briefly mentions the use of CodeQL and Coverity scans for identifying and rectifying potential code vulnerabilities. While strides have been made in fortifying the file I/O layer for metadata, Dana anticipates occasional security vulnerabilities may still arise, which will be promptly addressed. The video also touches on upcoming events like the European HDF Users Group Meeting, encouraging community involvement in shaping the library's future.
This session happened on September 5, 2023. You can also watch this episode online.
Call the Doctor is a series of weekly, unscripted, live events! The HDF Group’s staff members will answer attendee questions and, for example, go over the previous week’s HDF Forum posts. The HDF Clinics are free sessions intended to help users tackle real-world HDF problems from a common cold to severe headaches and offer relief where that’s possible. As time permits, we will include how-tos, offer advice on tool usage, review your code samples, teach you survival in the documentation jungle, and discuss what’s new or just around the corner in the land of HDF.
Join us every Tuesday at 12:20 p.m. central (US/Canada.) on Zoom!