BGP’s deployment model makes even modest software bugs have significant consequences on global Internet routing.
When is a bug just a bug and not a security issue?
CVSS is a scoring system used to classify issues and is an important input toward vendors issuing security alerts - and subsequently locking down all information on that issue.
We discuss BGP and CVSS scoring and its impact upon the availability of information on BGP implementation defects.
Jeffrey Haas: Jeffrey Haas is a Distinguished Engineer at Juniper Networks where he works on the implementation and specification of BGP. Jeffrey is a Chair at the IETF IDR (inter-domain routing) Working Group where BGP is standardized. Additionally, in IETF, Jeffrey is a Chair for the BFD (bi-directional forwarding detection) Working Group. Jeffrey has been involved in working on Internet technologies since the late 90's where he worked at a small tier-3 ISP doing everything from helping people setup dial-up networking to helping maintain the company's Internet routing. Since then, he's worked at the NextHop startup that commercialized the GateD software; at Arbor Networks where he worked on routing, flow analytics, and management software; and most recently with Juniper. Jeffrey's day job is a mix of work on code, standards, and working with customers solving interesting problems. For fun, Jeffrey spends his off hours as an active participant in the Society for Creative Anachronism (SCA) and thoroughly enjoys a good, dark beer.
Speakers:
Jeffrey Haas
Matt Paulsen - Juniper Networks, Inc.