Hands-on Workshops and 3rd User Group Meeting
Date: Tuesday, May 12, 2026
Type: Public Workshops + User Group Meeting
Location: B206, KU Leuven Campus Gent
Overview
This BUGATTI event combined two hands-on workshops with the third User Group meeting. The sessions focused on practical security engineering for embedded systems: securing CI/CD pipelines and improving vulnerability triage in Yocto-based environments. The follow-up discussion gathered structured feedback from participating companies on tooling needs, adoption barriers, and topics for future dissemination activities.
Why This Matters
- Modern embedded products increasingly depend on automated build and release pipelines, which means CI/CD security is now part of product security.
- Vulnerability management in embedded Linux is rarely straightforward: teams need to assess whether a reported CVE actually applies to their Yocto-based system before spending effort on remediation.
- The BUGATTI project focuses on practical methods and tooling that help companies strengthen embedded software security in day-to-day engineering work.
Workshop Sessions
Workshop 1
Building and Securing CI/CD Pipelines for Embedded Systems using GitHub Actions
VUB Soft
Workshop 2
When CVE Tools Disagree: Hands-On Yocto Vulnerability Triage
Jef Jacobs and Jorn Lapon, KU Leuven DistriNet